LongRec Compliance Work Package State-of-the-Art Hannelore Dekeyser September 2008 ICRI - K.U.Leuven - IBBT


LongRec

Compliance Work Package State-of-the-Art

Hannelore Dekeyser

September 2008

ICRI - K.U.Leuven - IBBT

©Det Norske Veritas, 2008

This report is produced as a contribution to the LongRec (Long-Term Records Management) project headed by Det Norske Veritas (DNV) in collaboration with a number of case partners, commercialization partners and research partners. The primary objective of LongRec is persistent, reliable and trustworthy long-term archival of digital information records with emphasis on availability and use of the information. The project’s public web site is at http://www.longrec.com.

LongRec is a three year project (2007-2009) partly funded by the Norwegian Research Council. The project constitutes the Norwegian team of the InterPARES 3 project, http://www.interpares.org

Contents

1 Compliance 2
2 Legal informatics 6
2.1 Access to law 7
2.1.1 Referencing legal norms 7
2.1.2 Cross-border and multilingual legal information systems 14
2.1.3 Bridging the gap: tying legislation to its application domain 16
2.2 Legal semantic web 16
2.2.1 Legal RDF 17
2.2.2 Legal ontologies 18
2.2.3 Legal Logic 21
3 Evidence 25
3.1 Digital Forensics 26
3.1.1 Digital archiving readiness 27
3.2 Burden of proof 31
3.3 Admissibility of evidence 32
3.4 Probative value of digital evidence 33
3.4.1 Probative value of (digital) copies 34
3.5 Standards 35
3.6 Technological tools for capturing and handling evidence 36
4 Legal Metadata 42
4.1 Data protection 43
4.1.1 Data protection terminology 45
4.1.2 Learning from the experience of others: the SWIFT case 45
4.1.3 Jurisdiction: which data protection laws apply? 47
4.1.4 Is there personal data present in the records? 48
4.1.5 Is there ‘sensitive data’ present in the records? 49
4.1.6 Do I know about who I’m processing personal data 49
4.1.7 Do I have legitimate grounds for processing the data? 50
4.1.8 Why am I (still) processing this data? 52
4.1.9 What is my data quality assurance policy? 54
4.1.10 What is my data security policy? 55
4.1.11 How am I processing my data? 56
4.1.12 Do I know where data comes from and where it goes? 57
4.1.13 Is my data crossing borders? 57
4.1.14 Translation of privacy rules into information systems design 58
4.2 Copyright 60
4.2.1 Ingest 61
4.2.2 Preservation 63
4.2.3 Dissemination 63
4.2.4 (Re)Use 64
4.2.5 Requirements 64
4.2.6 Existing metadata models for copyright 66
5 Recordkeeping 93
5.1 Standards 93
5.2 Best practices and guidelines 94
5.3 Regulatory recordkeeping requirements 97
5.3.1 Public Sector 97
5.3.2 Private sector 109

Chapter 1

Compliance

Compliance is “conformity in fulfilling official requirements”[1] or “demonstrating conformity with regulatory or legal constraints”.[2]

Achieving compliance is challenging for any organisation, and even more so for multinationals. Firstly, an overview of all relevant regulatory provisions must be obtained and kept up to date. In particular, sector specific regulations must be taken into consideration. Secondly, the – usually abstract – regulatory provisions must be interpreted and applied to the specific situation of the organisation. Interpretations may evolve over time, notably influenced by administrative decisions or jurisprudence, making it necessary to keep track of which interpretation was held at what time. To complicate matters further, the entire body of regulations in a country or region is not necessarily coherent. Only too often do gaps or even contradictions become apparent when applying the law. Multinationals are by definition subject to rules stemming from different jurisdictions; the odds of such an organisation not running into conflicting regulations are close to zero. Ultimately, no matter how complicated the set of legal rules applicable, the organisation must draw its conclusions in order to effectively design its business processes and set out policies that determine its course of action.

The process of preparing compliance policies as well as monitoring and enforcing them is not automated to a significant degree.[3] Usually, inhouse legal advisors and/or external legal counsel seek out relevant regulations as well as their interpretation as input for designing business processes and drafting compliance policies. At a later time, either on a regular basis or as the need presents itself, the business processes and compliance policies may be reevaluated and modified in light of modifications to regulation or changed interpretation of regulation or in light of evolving business needs.

[1] Online Merriam-Webster Dictionary, http://www.m-w.com.
[2] ROWLINGSON, ROBERT, “A Ten Step Process for Forensic Readiness”, International Journal of Digital Evidence, vol. 2 2004, Nr. 3, http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A-156F501C49CF5, p. 10.
[3] There are of course companies that advertise their solutions as ‘compliance’ solutions. It is difficult to tell whether this is more than another way to sell their IT security solutions to companies. Two (random) examples are http://www.agiliance.com/ and http://www.safestone.com/.

A great many countries systematically publish legislation and regulation online and have done so for quite some time.[4] Increasingly, countries not only offer a chronological view of issued regulation, but also make available consolidated views on regulatory texts. The consolidated view is often limited to the version in force at present, but more and more systems are capable of showing point-in-time consolidated versions.

An extensive overview of online sources of public legal information[5] is maintained by the World Legal Information Institute (WorldLII).

Such regulatory databases are a great tool for human users, but a far cry from machine-readable texts. Current research in the field of legal informatics and information retrieval is devoting much effort to making machine-readable texts a reality.[6]

Which records management system to use for policy documents is a matter each organisation must decide for itself. From a compliance viewpoint, backlinks from policy to the regulatory texts they implement are of great importance. From an evidence viewpoint, the preservation of policy documents over time in an authentic way is imperative.[7]

Having compliance policies is one thing, their application in practice is quite another. A first step to take is to ensure that the organisation’s records, stemming from its – supposedly compliant – activities, appropriately reflect which policies were relevant to them and ideally also show that they were followed. Linking records with policies, as well as recording data about their application, is a matter for legal metadata.[8] To illustrate the need for legal metadata, consider records containing personal data[9] and/or copyrighted information.[10] All records containing personal data should be linked to their governing privacy policy or policies, which detail how they ought to be handled. If the privacy policy demands that consent is obtained, it is imperative that metadata reflects that such consent was in fact obtained. If an exception is invoked in order to process data without consent, this should be recorded instead. The same holds for copyrighted records. A link to the copyright policy serves to show how the records ought to be treated throughout their life-cycle in an organisation. Metadata should record how the policy was applied in practice, e.g. obtaining a licence, operating under a copyright exemption, etc. Ultimately, it serves little purpose to link records to policies if there is no way of knowing whether or not the policies were actually followed in any given instance.

[4] It should be noted that in many jurisdictions only the official publication on paper is the authoritative version of regulatory texts. In case of a discrepancy between the paper and online version, the paper version takes precedence.
[5] “Public legal information means legal information produced by public bodies that have a duty to produce law and make it public. It includes primary sources of law, such as legislation, case law and treaties, as well as various secondary (interpretative) public sources, such as reports on preparatory work and law reform, and resulting from boards of inquiry. It also includes legal documents created as a result of public funding.”, Declaration on Free Access to Law, http://www.worldlii.org/worldlii/declaration/montreal_en.html.
[6] See 2 “Legal Informatics” on page 6.
[7] See 3 “Evidence” on page 25.
[8] See 4 “Legal Metadata” on page 42.
[9] See 4.4.1 “Privacy Metadata” on page 43.
[10] See 4.4.2 “Copyright Metadata” on page 60.

Compliance is not so much a separate activity, as a quality of the way in which an organisation conducts its activities. The design of work processes should lead to compliance, and the records resulting from those processes should reflect their compliance. In turn the records should be handled in a way that is compliant with rules applicable to records management as a work process in its own right.[11]
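As an added illustration of the legal-metadata checks the preceding paragraphs call for (this is example code written for this edition, not code from the report or the LongRec project), the following Python audits a constructed set of records against their governing policies: a record containing personal data must link to a privacy policy and, where that policy demands consent, must record either that consent was obtained or which exception was invoked; a copyrighted record must link to a copyright policy and record a licence or an exemption; and each policy must carry a backlink to the regulatory provision it implements. The field names, policy identifiers, licence identifier and the regulation reference are assumptions, chosen only to make the checks runnable.

```python
"""Audit of legal metadata on records (added example; field names are assumptions)."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Policy:
    policy_id: str
    kind: str                       # "privacy" or "copyright"
    requires_consent: bool = False  # meaningful for privacy policies only
    # Backlinks to the regulatory provisions the policy implements (provision-level ids).
    regulation_refs: list[str] = field(default_factory=list)


@dataclass
class Record:
    record_id: str
    contains_personal_data: bool = False
    is_copyrighted: bool = False
    policy_links: list[str] = field(default_factory=list)  # ids of governing policies
    consent_obtained: bool | None = None   # None: nothing recorded about consent
    consent_exception: str | None = None   # exception invoked to process without consent
    licence: str | None = None
    copyright_exemption: str | None = None


# Constructed sample policies; the regulation identifier is a placeholder, not a real citation.
POLICIES = {
    "priv-1": Policy("priv-1", "privacy", requires_consent=True,
                     regulation_refs=["REGULATION-PLACEHOLDER:art-7"]),
    "copy-1": Policy("copy-1", "copyright"),  # no backlink recorded: the audit should flag it
}

# Constructed sample records covering the cases the chapter describes.
RECORDS = [
    Record("rec-consent", contains_personal_data=True, policy_links=["priv-1"], consent_obtained=True),
    Record("rec-exception", contains_personal_data=True, policy_links=["priv-1"],
           consent_exception="legal-obligation"),
    Record("rec-silent", contains_personal_data=True, policy_links=["priv-1"]),
    Record("rec-unlinked", contains_personal_data=True),
    Record("rec-licensed", is_copyrighted=True, policy_links=["copy-1"], licence="LIC-PLACEHOLDER-42"),
    Record("rec-nolicence", is_copyrighted=True, policy_links=["copy-1"]),
]


def check_record(rec: Record, policies: dict[str, Policy]) -> list[str]:
    """Findings for one record; an empty list means its legal metadata is complete."""
    findings: list[str] = []
    for pid in rec.policy_links:
        if pid not in policies:
            findings.append(f"links unknown policy {pid}")
    linked = [policies[p] for p in rec.policy_links if p in policies]
    if rec.contains_personal_data:
        privacy = [p for p in linked if p.kind == "privacy"]
        if not privacy:
            findings.append("personal data without a governing privacy policy")
        for p in privacy:
            # Consent demanded: metadata must show consent, or name the exception relied on.
            if p.requires_consent and rec.consent_obtained is not True and rec.consent_exception is None:
                findings.append(f"policy {p.policy_id} demands consent: neither consent nor an exception is recorded")
    if rec.is_copyrighted:
        copyright_policies = [p for p in linked if p.kind == "copyright"]
        if not copyright_policies:
            findings.append("copyrighted content without a governing copyright policy")
        elif rec.licence is None and rec.copyright_exemption is None:
            findings.append("copyright policy linked but neither licence nor exemption recorded")
    return findings


def check_policy_backlinks(policies: dict[str, Policy]) -> list[str]:
    """Ids of policies that cannot be traced back to the regulation they implement."""
    return [p.policy_id for p in policies.values() if not p.regulation_refs]


def audit(records: list[Record], policies: dict[str, Policy]) -> dict[str, list[str]]:
    """Map record id -> findings, omitting records that pass."""
    result: dict[str, list[str]] = {}
    for rec in records:
        findings = check_record(rec, policies)
        if findings:
            result[rec.record_id] = findings
    return result


if __name__ == "__main__":
    for rid, findings in audit(RECORDS, POLICIES).items():
        print(rid, findings)
    print("policies without backlink:", check_policy_backlinks(POLICIES))
```

The audit deliberately treats "nothing recorded" as a failure rather than as implicit consent: the chapter's point is that a link to a policy proves nothing unless the metadata also shows how the policy was applied in that instance.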

How can information technology improve efficiency in the process from regulation to policy formulation and ultimately compliance?

Two quick wins can be identified: deploying an information management system for regulatory texts and implementing a records management solution for policy documents. Ideally, both these systems should be able to give point-in-time consolidated versions of either regulations or policies.

Creating stand-alone systems for regulations and policies respectively is only a small step forward. The next step is to interconnect these knowledge bases in the most efficient way. A relatively straightforward way of doing this is creating backlinks from policy documents to the regulatory texts from which they stem or of which they are an application. Preferably the links between policies and regulations are very precise, on the provision or even rule level.

A more sophisticated form of backlinking would take into consideration intermediate steps which inform the organisation’s decision making process from regulation to policy, notably jurisprudence, legal doctrine, and the opinion of inhouse or external legal counsel.

Aside from further research in the field of legal informatics, there is an economical aspect to consider. Developing and maintaining such sophisticated legal information systems as are envisaged is very costly. Even large multinational corporations may find the costs prohibitive. A business modeling exercise could examine alternative approaches, e.g. inhouse development, outsourcing, community platform building, etc. Figuring out which model(s) are economically viable would allow interested organisations to choose a winning strategy.

[11] See 5 “Recordkeeping” on page 93.

Further reading

• Governance & Compliance Project http://www.zurich.ibm.com/csc/security/compliance.html, IBM Research Laboratory
• GASSER, URS and HAEUSERMANN, DANIEL M., “E-Compliance: Konzept, Merkmale, Aufgaben und organisatorische Auswirkungen”, In X. (ed.), Internet-Recht und Electronic Commerce Law: 9. Tagungsband, Bern, Stämpfli, 2006
• PFITZMANN, BIRGIT, POWERS, CALVIN and WAIDNER, MICHAEL, IBM’s Unified Governance Framework (UGF) Initiative, Zurich, IBM Research Division, 2007, IBM Research Report RZ 3699, http://www.zurich.ibm.com/pdf/csc/rz3699_UGF-whitepaper.pdf
• GASSER, URS and HAEUSERMANN, DANIEL M., E-Compliance: Towards a Roadmap for Effective Risk Management, Harvard, The Berkman Center for Internet Society, 2007, http://ssrn.com/abstract=971848


Chapter 2

Legal informatics

Legal informatics studies the application of information technology to the practice of the law:

“[L]egal informatics is a complex of theories, methods and techniques for getting to know, producing, managing, amending, using law, with the aim of guaranteeing the certainty of the law itself, increasing the efficacy of the services offered by the justice establishment, contributing to making of law a special social function promoting the integration, the balance and the cultural evolution of the social system.”[1]

“Legal informatics is, then, that science concerned with problems linked to the effective storage, retrieval and transmission of legal data; but it also deals, and from a slightly different perspective, with problems relating to the rationalization of legal activity; within this second grouping, the studies relating to formalization of the legal order (in particular, research in the fields of legal language, formal legal logic and artificial intelligence in the field of law) take on particular importance.”[2]

An overview of the developments in legal informatics so far, as well as current and future trends in research, is provided in the One-Lex mission statement.[3]

[1] LIMONE, D. A., “L’insegnamento dell’informatica giuridica in Italia”, In FROSINI, V. and LIMONE, D. A. (ed.), L’insegnamento dell’informatica giuridica, Naples, 1990. English translation from BINAZZI, SIMONA et al., “ITLaw: An Advanced Documentation System in Legal Informatics”, The Journal of Information, Law and Technology, 1999, Nr. 1, http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1999_1/idg/binazzi/.
[2] BINAZZI et al., The Journal of Information, Law and Technology 1999, op. cit. (as in n. ??).
[3] http://www.one-lex.eu/The%20Project/Mission/Mission.html.


2.1 Access to law

The World Legal Information Institute (WorldLII) maintains an extensive overview of online sources of public legal information, meaning “legal information produced by public bodies that have a duty to produce law and make it public. It includes primary sources of law, such as legislation, case law and treaties, as well as various secondary (interpretative) public sources, such as reports on preparatory work and law reform, and resulting from boards of inquiry. It also includes legal documents created as a result of public funding.”[4]

A basic problem to solve is how to identify norms and the individual provisions within them, as well as how to point persistently to their location.

In the political and economical landscape of today, access to the law must necessarily include access to legal texts stemming from the transnational and/or international level.[5] This implies finding an appropriate method to deal with the use of multiple languages.

2.1.1 Referencing legal norms

Unambiguous pointers are a prerequisite for a reliable system of cross-referencing between regulatory texts, both within one jurisdiction and amongst different jurisdictions. Such pointers would be equally useful to link back to regulation from policy documents intended to implement these, which is a functionality of the compliance solution proposed here.

Research has sought to solve the referencing problem with the development of legislative XML schemas.[6] The challenges faced by any standard for legislative XML, in particular when several jurisdictions are involved, are discussed by Hatter.

Particular to the legal world is the importance of maintaining an overview of what happened over time. The law is not static but changes over time. Being able to reconstruct the current, past and future versions of legal texts is crucial in understanding which obligations and rights pertained at a specific point in time. The most consistent way to incorporate these transformations in metadata schemas is by using event descriptions, according to Boer; however, he notes that few metadata schemes for legislation include events as such.[7] A great number of dates may be of importance to a legal norm: adoption, publication, entry into force, efficacy, applicability, . . . Sometimes laws come into effect retroactively or modifications only become or remain effective when certain conditions are fulfilled.[8]

[4] Declaration on Free Access to Law, http://www.worldlii.org/worldlii/declaration/montreal_en.html.
[5] HATTER, CLYDE, “Standard Models for Legislation - The Cost of Compliance”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art16.pdf.
[6] An introduction to legislative XML can be found at the One-Lex project website: Presentations http://www.one-lex.eu/Activities/summerschool/slides.html, Papers http://www.one-lex.eu/Activities/summerschool/readings.html

Norme in Rete

The ‘Norme in Rete’ (NIR) project [Legislation on the Net] aims to create a single point of access to legal texts and to devise a mechanism of stable cross-references among legal documents. To achieve these goals, two standards have been developed:

1. a standard for cross-referencing legal documents using a uniform name (URN), which is an unambiguous identifier, allowing the references to be expressed in a persistent way, independently of document physical location;
• The URN must be able to unambiguously identify any normative measure regardless which normative body issued it.
• The URN must make the distinction between past, present and future measures.
2. a standard for legal document description by defining XML-DTDs (NIR-DTDs) of increasing degree of complexity.

The NIR URN syntax contains 5 elements:
• Name-space identified by ‘nir’;
• Enacting authority: e.g. Ministry of Finance;
• Type of measure: e.g. law, decree;
• Details: e.g. date of issue, different later versions of the document;
• Annexes;

[7] BOER, ALEXANDER, “Using event descriptions for metadata about legal documents”, In WINKELS, RADBOUD and FRANCESCONI, ENRICO (ed.), Electronic Proceedings of the Workshop on Standards for Legislative XML, 2007, http://www.leibnizcenter.org/~winkels/events.pdf.
[8] PALMIRANI, MONICA and BRIGHI, RAFFAELLA, “Time Model for Managing the Dynamic of Normative System”, In WIMMER, MARIA A. et al. (ed.), Electronic Government; RIVERET, RÉGIS, PALMIRANI, MONICA and ROTOLO, ANTONINO, “Legal Consolidation formalised in Defeasible Logic and based on Agents”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art9.pdf; GRANDI, FABIO, MANDREOLI, FEDERICA and TIBERIO, PAOLO, “Temporal modelling and management of normative documents in XML format”, Data Knowledge Engineering, vol. 54 2005, Nr. 3, http://dx.doi.org/10.1016/j.datak.2004.11.002.


It should be noted that the URN system should be able to cope with changes in the state’s organisation (new normative bodies, renaming of normative bodies, mergers and splits, . . . ).

The NIR project uses a normalization mechanism to deal with variations or mistakes in the URN terms.

This project deals only with the legal texts of one country. This system could easily be adapted to an international context by introducing more name-spaces. For instance, country codes could be used for national legislation and specific codes for international and regional bodies (UN, OECD, EU, . . . ).[9]

In addition to the referencing system, which allows legal texts to be located reliably, the NIR project has developed a set of XML schemas to structure legal texts internally.

Three DTDs of increasing degree of depth have been developed. The first is a flexible schema – ‘DTD flessibile’ (nirloose.dtd) – which has no mandatory rules so that it can be used for legacy legal documents. A second schema – ‘DTD completo’ (nirstrict.dtd) – is intended to support the drafting of new legal texts in accordance with certain drafting rules. A third schema – the ‘DTD base’ (nirlight.dtd) – is a subset of the ‘DTD completo’.

The NIR-DTDs capture 2 different aspects of legal texts. Firstly, the formal characteristics of the text are described: there are elements for heading, preamble, sections, articles, paragraphs, references to other laws, tables, lists, . . . This includes general metadata such as subject classification, publication date and relationship with other acts. Secondly, the functional characteristics of the text are described. This is done by dividing the text into its most basic components, being ‘provisions’ (a fragment of a regulation). The type of the provision can be described, most commonly ‘obligation’, ‘prohibition’, ‘sanction’, ‘exception’. Particular metadata of an analytical nature is then added to these provisions, so-called ‘arguments’, which comprise information about the addressee, the counter-party, the action to be taken, . . . Metadata regarding version control can be added as well, such as information regarding insertion of provisions, abrogation or substitution.

Work is ongoing to incorporate time references into the DTDs. This relates to any reference to time within the text, e.g. deadlines, prescription periods, etc., which will be described as an argument of a provision, but also to time constraints external to the text, e.g. entry into force or time of abrogation.

[9] See the solution proposed in SPINOSA, PIERLUIGI, “Expansion and Internationalization of the Italian Schema of Assignment of Uniform Names”, I Quaderni, 2005, Nr. 18, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf and SPINOSA, PIERLUIGI, “Internationalization of the Legal URN Schema”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art6.pdf.


The NIR project started in 1999 and ended in November 2001; the results were published in Informatica e Diritto, 2000, vol. 1 and 2001, vol. 2. An XML editor using the NIR DTDs is under development.[10]

Further reading

• NIR project page http://www.ittig.cnr.it/Ricerca/UnitaEng.php?Id=40&T=1
• BIAGIOLI, C. et al., “The NIR Project: standards and tools for the Italian legislative environment”, Berlin, 2004, http://www.jurix.nl/index.php?option=com_docman&task=docclick&Itemid=27&bid=14&limitstart=0&limit=10
• SPINOSA, PIERLUIGI, “Expansion and Internationalization of the Italian Schema of Assignment of Uniform Names”, I Quaderni, 2005, Nr. 18, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf, op. cit. (as in n. ??)
• FRANCESCONI, ENRICO, “The "Norme in Rete" project: Standards and tools for Italian legislation”, International Journal of Legal Information, Vol. 34 2006, Nr. 2, http://www.xmleges.org/ita/images/stories/francesconiijli06.pdf
• AGNOLONI, TOMMASO, FRANCESCONI, ENRICO and SPINOSA, PIERLUIGI, “xmLegesEditor: an OpenSource Visual XML Editor for supporting Legal National Standards”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art17.pdf, op. cit. (as in n. ??)
• SPINOSA, PIERLUIGI, “Internationalization of the Legal URN Schema”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art6.pdf, op. cit. (as in n. ??)

MetaLex

The objective of MetaLex is to create an open XML interchange format for legal and legislative resources.

[10] AGNOLONI, TOMMASO, FRANCESCONI, ENRICO and SPINOSA, PIERLUIGI, “xmLegesEditor: an OpenSource Visual XML Editor for supporting Legal National Standards”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art17.pdf. See also http://www.ittig.cnr.it/Ricerca/UnitaEng.php?Id=8&T=3 and http://www.xmleges.org/ita/.


“The standard intends to provide a generic and easily extensible framework for the XML encoding of the structure and contents of legal and paralegal documents. This obviously includes legislation and case law, but also written public decisions, internal and external business regulations (for instance ship classification rules as in [Winkels][11]), and contracts. XML elements and structure are defined in schemas that can be used to validate a document. Since there is a great variety of legal documents that cannot be covered by one normative standard, the standard consists of multiple schemas defining vocabularies that can be mixed in a document.”[12]

The following legal texts have been used as test cases:
• Dutch law on income tax in the context of the E-POWER[13]
• Dutch penal code of 1881 in the context of the e-COURT project
• Italian & Polish court room transcripts and case law for e-COURT

“The standard differs from other existing metadata schemes for legal documents in two respects; it is language-independent and it aims to accommodate uses of XML beyond search and presentation services.”[14]

“The MetaLex XML schema aims to be a standard interchange format for legal documents for the purposes of presentation, description of the relations between legislative documents, search and filtering on meaningful levels of detail ([Moens][15], [Turtle][16]), and version management and file exchange.”[17]

“The MetaLex XML schema has been designed with multilingual regulations and differences between the main European languages in mind.”[18]

[11] WINKELS, R.G.F. et al., “Generating Exception Structures for Legal Information Serving”, In GORDON, TH.F. (ed.), Proceedings of the Seventh International Conference on Artificial Intelligence and Law (ICAIL-99), New York, ACM, 1999
[12] BOER, ALEXANDER, HOEKSTRA, RINKE and WINKELS, RADBOUD, “Metalex: Legislation in XML”, In BENCH-CAPON, TREVOR, DASKALOPULU, ASPASSIA and WINKELS, RADBOUD (ed.), Legal Knowledge and Information Systems: JURIX 2002, IOS Press, 2002, http://www.jurix.nl/pdf/j02-01.pdf, p. 1.
[13] VAN ENGERS, T. et al., “POWER: Using UML/OCL for Modeling Legislation - an application report”, In X. (ed.), Proceedings of the 8th International Conference on Artificial Intelligence and Law (ICAIL 2001), New York, ACM, 2001
[14] BOER, HOEKSTRA and WINKELS, Metalex: Legislation in XML, op. cit. (as in n. ??), p. 1.
[15] MOENS, MARIE-FRANCINE, “Innovative techniques for legal text retrieval”, Artificial Intelligence and Law, 9 2001
[16] TURTLE, H., “Text retrieval in the legal world”, Artificial Intelligence and Law, 3 1995
[17] BOER, HOEKSTRA and WINKELS, Metalex: Legislation in XML, op. cit. (as in n. ??), p. 3.
[18] BOER, HOEKSTRA and WINKELS, Metalex: Legislation in XML, op. cit. (as in n. ??), p. 3.


“The MetaLex standard supports multi-lingual documents in two distinct ways: through localization of XML elements and by providing the means to maintain multiple language versions of the same document in one file.”19

“To keep track of versions MetaLex provides a number of attributes for every structural XML element in the document that can be identified, selected, and thus changed; the date-publication of an element is the time the element is officially published or announced. The date-enacted, the time the content becomes applicable in decisionmaking, is always later than or the same as date-publication, but before date-repealed, the time the content becomes inapplicable in decisionmaking. Between date-enacted and date-repealed the element and its content is active, and outside this interval it is inactive. Table 1 can be used to deduce active time intervals from the presence or absence of these attributes. The date-version attribute represents the date the correctness of the content and other dates of the XML element was last verified. The XML document loses its value as a normative reference as time progresses and the time-interval between date-version and today increases.”20
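The version attributes just quoted lend themselves to a small worked check. The following Python is an added example written for this report and is not code from the MetaLex project or from the cited paper: it parses a constructed MetaLex-like fragment (the element and id names are assumptions; only the four attribute names come from the quoted text), validates the date ordering the text requires, derives each element's active interval, and flags content whose date-version is older than a threshold. Where the text defers to Table 1 (not reproduced in this report), the example assumes that a missing date-enacted means the element is enacted on its publication date and that a missing date-repealed means it is still active.

```python
"""Deriving active intervals from MetaLex-style version attributes.

Added example for this report, not code from the MetaLex project. Only the
attribute names date-publication, date-enacted, date-repealed and
date-version come from the quoted text; element names, ids, the sample
dates and the fallback rules are assumptions made for the example.
"""
from datetime import date
import xml.etree.ElementTree as ET

# Constructed sample, not a real act. One element (art-3) is deliberately
# inconsistent (enacted before publication) to exercise the validation step,
# and one (art-4) carries a date-version that is long out of date.
SAMPLE_XML = """<act id="act-1" date-publication="2005-01-10" date-version="2008-06-01">
  <article id="art-1" date-publication="2005-01-10" date-enacted="2005-03-01"/>
  <article id="art-2" date-publication="2005-01-10" date-enacted="2005-03-01"
           date-repealed="2007-01-01"/>
  <article id="art-3" date-publication="2006-11-20" date-enacted="2006-11-01"/>
  <article id="art-4" date-publication="2007-05-15" date-enacted="2008-01-01"
           date-version="2006-12-31"/>
</act>"""

DATE_KEYS = ("date-publication", "date-enacted", "date-repealed")


def _d(value):
    """Parse an ISO date attribute; None if the attribute is absent."""
    return date.fromisoformat(value) if value else None


def validate(attrs):
    """Return ordering problems in one element's date attributes.

    The text requires date-enacted >= date-publication and
    date-enacted < date-repealed.
    """
    pub, enacted, repealed = (_d(attrs.get(k)) for k in DATE_KEYS)
    problems = []
    if pub and enacted and enacted < pub:
        problems.append("date-enacted precedes date-publication")
    if enacted and repealed and repealed <= enacted:
        problems.append("date-repealed is not after date-enacted")
    if repealed and not enacted and not pub:
        problems.append("date-repealed without any publication or enactment date")
    return problems


def active_interval(attrs):
    """Half-open interval [start, end) in which the element is active.

    Assumption for this example: no date-enacted means enacted on the
    publication date; no date-repealed means open-ended (end is None).
    An element with neither date is never active and yields None.
    """
    pub, enacted, repealed = (_d(attrs.get(k)) for k in DATE_KEYS)
    start = enacted or pub
    return None if start is None else (start, repealed)


def is_active(attrs, on):
    """True if the element is active on the given date object."""
    interval = active_interval(attrs)
    if interval is None:
        return False
    start, end = interval
    return start <= on and (end is None or on < end)


def staleness_days(attrs, today):
    """Days since the content was last verified (date-version); None if unknown."""
    verified = _d(attrs.get("date-version"))
    return (today - verified).days if verified else None


def report(xml_text, on, max_age_days=365):
    """Summarise every element with an id on the ISO date `on`.

    Returns {id: {"active": bool, "problems": [...], "stale": bool}}.
    `stale` marks elements whose date-version is missing or older than
    max_age_days (the threshold is an assumption for the example); elements
    without their own date-version inherit the nearest ancestor's value.
    """
    on_date = date.fromisoformat(on)
    result = {}

    def walk(elem, inherited_version):
        version = elem.get("date-version") or inherited_version
        attrs = dict(elem.attrib)
        if version:
            attrs["date-version"] = version
        if elem.get("id"):
            age = staleness_days(attrs, on_date)
            result[elem.get("id")] = {
                "active": is_active(attrs, on_date),
                "problems": validate(attrs),
                "stale": age is None or age > max_age_days,
            }
        for child in elem:
            walk(child, version)

    walk(ET.fromstring(xml_text), None)
    return result


if __name__ == "__main__":
    for elem_id, status in report(SAMPLE_XML, "2008-09-01").items():
        print(elem_id, status)
```

Run as a script it lists, for each element, whether it is active on 1 September 2008, any ordering violations, and whether its date-version is older than a year. The half-open interval follows the text's wording that content becomes inapplicable at date-repealed; a records system that needs the repeal date itself to count as active should change the comparison in is_active.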

MetaLex is extensible in several ways:21

• language extensions

• information about texts can be added in RDF statements

The work on MetaLex is being continued in the Estrella Project, http://www.estrellaproject.org/. The main technical objectives of the Estrella project are to develop a Legal Knowledge Interchange Format (LKIF), building upon emerging XML-based standards of the Semantic Web.22 LKIF uses MetaLex as a standard for sources of law, and participates in the MetaLex CEN workshop to align MetaLex and LKIF. LKIF is used to represent the meaning of sources of law, for the purpose of building knowledge based systems. In MetaLex terms, it is a schema for MetaLex metadata.

19 BOER, HOEKSTRA and WINKELS, Metalex: Legislation in XML, op. cit. (as in n. 12), p. 6.

20 BOER, HOEKSTRA and WINKELS, Metalex: Legislation in XML, op. cit. (as in n. 12), p. 5.

21 BOER, HOEKSTRA and WINKELS, Metalex: Legislation in XML, op. cit. (as in n. 12), p. 7.

22 HOEKSTRA, RINKE et al., “The LKIF Core Ontology of Basic Legal Concepts”, In CASANOVAS, POMPEU et al. (ed.), Proceedings of the Workshop on Legal Ontologies and Artificial Intelligence Techniques (LOAIT 2007), Stanford, CA, USA, 2007, http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-321/.


The MetaLex schema has been incorporated into a CEN Workshop Agreement.23 A CWA is accepted by the CEN and associated standards organisations as a publicly available specification (PAS or pre-norm) for a period of three years, after which the agreement must be renewed or upgraded to a norm.24

“The MetaLex/CEN schema is based on best practices from amongst others the previous versions of the MetaLex schema, the Akoma Ntoso schema, and the Norme in Rete schema. Other important sources of inspiration are i.a. LexDania, CHLexML, FORMEX, R4eGov, etc. In addition to these government or open standards there are many XML languages for publishing legislation in use by publishers. Standards like PRISM, in which major publishers are involved, are also a source of inspiration.”25

Further reading

• Metalex http://www.metalex.eu/ project page
• VAN ENGERS, T. et al., “POWER: Using UML/OCL for Modeling Legislation - an application report”, In X. (ed.), Proceedings of the 8th International Conference on Artificial Intelligence and Law (ICAIL 2001), New York, ACM, 2001, op. cit. (as in n. 13)
• BOER, ALEXANDER, HOEKSTRA, RINKE and WINKELS, RADBOUD, “Metalex: Legislation in XML”, In BENCH-CAPON, TREVOR, DASKALOPULU, ASPASSIA and WINKELS, RADBOUD (ed.), Legal Knowledge and Information Systems: JURIX 2002, IOS Press, 2002, http://www.jurix.nl/pdf/j02-01.pdf, op. cit. (as in n. 12)
• HOEKSTRA, RINKE et al., “The LKIF Core Ontology of Basic Legal Concepts”, In CASANOVAS, POMPEU et al. (ed.), Proceedings of the Workshop on Legal Ontologies and Artificial Intelligence Techniques (LOAIT 2007), Stanford, CA, USA, 2007, http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-321/, op. cit. (as in n. 22)

23 A CEN Workshop Agreement is a consensus-based specification, drawn up in an open Workshop environment. https://www.cen.eu/CENORM/sectors/technicalcommitteesworkshops/workshops/cwas.asp

24 http://www.metalex.eu/about/

25 http://www.cen.eu/cenorm/businessdomains/businessdomains/isss/activity/ws_metalex.asp.

Other

INT


Akoma Ntoso

Akoma Ntoso http://www.akomantoso.org/ builds on the research of the Norme in Rete project.

See VITALI, FABIO and ZENI, FLAVIO, “Towards a country-independent data format: the Akoma Ntoso experience”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art5.pdf

TEI

The Text Encoding Initiative (TEI) SGML DTDs have some extensions which identify basic structural elements in legal texts.

See FINKE, NICHOLAS D., “TEI Extensions for Legal Text”, In X. (ed.), Proceedings of the Text Encoding Initiative Tenth Anniversary User Conference, 1997, http://xml.coverpages.org/finkeTEI10.html

EU

FORMEX

Formex http://formex.publications.europa.eu/index.html describes the format for the exchange of data between the Publications Office and its contractors. In particular, it defines the logical markup for documents which are published in the different series of the Official Journal of the European Union.

Corpus Legis

The Corpus Legis http://www.juridicum.su.se/iri/corpus/index.htm project developed an SGML DTD for legal documents for the purpose of a large database; it identifies some basic structural elements in legal texts.

See MAGNUSSON SJÖBERG, CECILIA, Stockholm, Jure, 1998

AU

Australian Justice Sector Metadata Scheme (JSMS)

“The Justice Sector Metadata Standard sets out the metadata elements required to allow consistent retrieval of legal information by search facilities. The standard caters for legal specific information such as jurisdiction, act name and the distinction between primary and secondary materials (legislation vs guides to the law).

The Justice Sector Metadata Standard arose from the work of the Legal Information Standards Council (LISC) and the LawZone trial (LawZone: A new way of searching, improving community access to legal information on the Internet 1999).”26

CH

CHLexML

CHLexML http://www.chlexml.ch/ is an XML schema for legislation issued by the federal, cantonal and municipal levels.

DK

Lex Dania

Lex Dania XML is a joint project between the Danish Parliament (the Folketing) and the Danish Ministry of Justice, Civilstyrelsen, Retsinformation. Its aim is to develop a standardized XML format for the documents contained in Retsinformation (the Danish central register for laws and rules), conforming to the Danish governmental XML standard.

See PETERSEN, KNUD ERIK, “Lex Dania XML status april 2005”, I Quaderni, 2005, Nr. 18, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf

2.1.2 Cross-border and multilingual legal information systems

Advanced legal databases with a national scope are useful tools; however, in today's political and economic landscape they alone can provide no more than a partial view of all relevant norms. A comprehensive legal information system would ideally allow users to move seamlessly from the national to the transnational and/or international level and vice versa. Such a system requires the development of an appropriate method to deal with the use of multiple languages.

In the EU, the need for such a system is felt by citizens, businesses and government alike. At present, there is no comprehensive database linking EU directives to the implementing measures taken by the Member States. As a consequence, finding the equivalents of norms transposing directives in the various Member States is a manual task which is very time-consuming.

Eulegis

Eulegis http://canada.esat.kuleuven.be/docarchwebsite/show.jsp?page=projects&id=EULEGIS stands for European User Views to Legislative Information in Structured Form. The project aimed to develop a single point of access to all data systems providing legislative information in the European Union.27

26 http://info.lawaccess.nsw.gov.au/lawaccess/lawaccess.nsf/pages/jsms

“Legal information in Europe is scattered in numerous heterogeneous databases. The data in the databases is structured, organized and classified in various ways, the contents are written in different languages, and the retrieval techniques vary. Providing integrated access to the databases would serve both legal experts and laymen. Issues related to the Web access of European legal databases were studied in the EULEGIS project. Requirements for the integrated service were investigated and a prototype system was implemented. The implementation was based on the idea of rich metadata. An XML-based model for the metadata was developed and implemented. The model included data about legal processes, organizational actors in the processes, types of documents created in the processes, and databases providing access to the documents of the types. An important subset of the metadata was visualized in the user interface graphically.”28

EULEX 3 and Nat-Lex

The research done in Eulegis has been continued in the EULEX 3 and Nat-Lex projects. EULEX 3 aimed to develop an access service for national implementing measures of EU law. There do not appear to be any published results of this project; however, the existing database of EU law, Eur-Lex, has been enriched with reference information about national implementing measures. At present, no direct link to the national legislative databases is provided.

The goal of Nat-Lex was to develop a single point of access (with a standard search interface) to legal online information services in EU Member States.29

The result of Nat-Lex is a common access portal for national law (N-Lex), which was made available as an experimental application in 2006. The portal allows users to search national sites using a single uniform search template and provides a multilingual thesaurus. The search possibilities and the results are completely dependent on the national sites, which explains the differences in the availability of search criteria and in the presentation and scope of results.30

27 HIETANEN, AKI, “Networking European Legal Sites: Experiences and Challenges”, In X. (ed.), Proceedings of the Law via the Internet Conference, Paris, 2004, http://www.frlii.org/IMG/pdf/hietanenparis.pdf.

28 LYYTIKÄINEN, VIRPI, TIITINEN, PASI T. and SALMINEN, AIRI, “XML Metadata for Accessing Heterogeneous Legal Databases”, In X. (ed.), Proceedings of the XML Europe 2001 Conference, 2001, http://www.gca.org/papers/xmleurope2001/papers/html/s27-4.html

29 HIETANEN, Networking European Legal Sites: Experiences and Challenges, op. cit. (as in n. 27).

30 http://eur-lex.europa.eu/n-lex/pays.html?lang=en


Globalex

“GlobaLex http://www.nyulawglobal.org/Globalex/about.htm is an electronic legal publication dedicated to international and foreign law research. Published by the Hauser Global Law School Program at NYU School of Law. GlobaLex is committed to the dissemination of high-level international, foreign, and comparative law research tools in order to accommodate the needs of an increasingly global educational and practicing legal world.

The information and articles published by GlobaLex represent both research and teaching resources used by legal academics, practitioners and other specialists around the world who are active either in foreign, international, and comparative law research or those focusing on their own domestic law. The guides and articles published are written by scholars well known in their respective fields and are recommended as a legal resource by universities, library schools, and legal training courses. The tools available in GlobaLex will continue to expand to cover international law topics, countries and legal systems thus providing a coherent and encompassing research tool for all constituencies.”31

Further reading

• KUEHL FROSTESTAD, HEIDI, “Globalex: A Unique and Valuable Tool for Foreign, Comparative, and International Law Research”, International Journal of Legal Information, 34 2006, http://www.heinonline.org/HOL/Page?handle=hein.journals/ijli34&id=1&size=2&collection=journals&index

2.1.3 Bridging the gap: tying legislation to its application domain

Being able to point to an exact rule or provision in legal source material is one thing. Beyond that, the question remains what the provision really means, which is usually if not always open to interpretation. Realizing this fact, the legislative XML research community has turned to methods for linking legal sources to documents about their interpretation.32

The problem of linking legislative knowledge to external (domain-specific) knowledge is also one encountered by law-makers, whose goal is to have an impact on the world around them, and not to write legislation per se. Therefore, the research in this area33 can be of interest in the inverse situation where a pre-existing legal text needs to be applied to a specific situation.

31 http://www.nyulawglobal.org/Globalex/about.htm

32 BIAGIOLI, CARLO, “How to link (external) models or interpretations of the meaning of sources of law to the original sources”, Leiden, 2007, http://www.lri.jur.uva.nl/~winkels/PP-Jurix-2007.pdf.

Further reading

• BIAGIOLI, CARLO, “How to link (external) models or interpretations of the meaning of sources of law to the original sources”, Leiden, 2007, http://www.lri.jur.uva.nl/~winkels/PP-Jurix-2007.pdf, op. cit. (as in n. 32)
• BIAGIOLI, CARLO et al., “Law Making Environment. Perspectives”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art19.pdf, op. cit. (as in n. 33)

2.2 Legal semantic web

Online databases of regulatory texts are a great tool for human users; however, information technology has much more to offer us in terms of support for the practice of law. The next step is to enhance the natural language legal texts with computer-readable specifications, allowing for all kinds of automated processing, such as document retrieval, accessing related information, establishing consolidated versions and even applying the rules contained in the text. Researchers are turning to semantic web technologies, which process information according to its content or meaning, to realize these advances.34

Semantic web is not a single technology, but builds upon a number of different technologies:

• XML is used to separate natural language elements from computer-readable elements.
• RDF is a specification for subject-predicate-object expressions (e.g. the sky has the color blue) which is used to describe properties of an entity or resource.
• Ontologies provide a description of entities that exist in a domain and the relationships between them.
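As an added illustration of the three building blocks above (written for this report, not taken from any of the projects it cites), the following Python keeps a set of RDF-style triples in memory, lets a small ontology fragment declare that ex:transposes is a sub-property of ex:implements and that ex:amends is transitive, and derives the triples those declarations imply. The data describes one directive and the national measures transposing it, i.e. the linking problem noted in section 2.1.2; all ex: identifiers and the sample relations are constructed for the example and are not real legal references.

```python
"""A minimal in-memory RDF-style triple store with two inference rules.

Added example for this report, not code from any cited project. Triples are
(subject, predicate, object) tuples; the rdf:/rdfs:/owl: terms are the
standard ones, everything under ex: is a constructed vocabulary.
"""
from itertools import product

# Constructed sample data: an EU directive, two national transposing
# measures, a chain of amendments, and an ontology fragment.
TRIPLES = {
    ("ex:dir-2001-29", "rdf:type", "ex:Directive"),
    ("ex:dir-2001-29", "ex:title", "Copyright in the information society"),
    ("ex:nl-aw-2004", "rdf:type", "ex:NationalMeasure"),
    ("ex:nl-aw-2004", "ex:country", "NL"),
    ("ex:nl-aw-2004", "ex:transposes", "ex:dir-2001-29"),
    ("ex:be-wet-2005", "rdf:type", "ex:NationalMeasure"),
    ("ex:be-wet-2005", "ex:country", "BE"),
    ("ex:be-wet-2005", "ex:transposes", "ex:dir-2001-29"),
    ("ex:be-wet-2008", "ex:amends", "ex:be-wet-2005"),
    ("ex:be-wet-2009", "ex:amends", "ex:be-wet-2008"),
    # ontology: transposing is one way of implementing; amending chains up
    ("ex:transposes", "rdfs:subPropertyOf", "ex:implements"),
    ("ex:amends", "rdf:type", "owl:TransitiveProperty"),
}


def match(triples, s=None, p=None, o=None):
    """Return the triples matching a pattern; None acts as a wildcard."""
    return {t for t in triples
            if (s is None or t[0] == s)
            and (p is None or t[1] == p)
            and (o is None or t[2] == o)}


def infer(triples):
    """Apply the sub-property and transitivity rules until a fixpoint."""
    graph = set(triples)
    while True:
        new = set()
        # rule 1: s sub o  and  sub rdfs:subPropertyOf sup  ==>  s sup o
        for sub, _, sup in match(graph, p="rdfs:subPropertyOf"):
            for s, _, o in match(graph, p=sub):
                new.add((s, sup, o))
        # rule 2: a p b  and  b p c  and  p is transitive  ==>  a p c
        for prop, _, _ in match(graph, p="rdf:type", o="owl:TransitiveProperty"):
            edges = match(graph, p=prop)
            for (a, _, b), (b2, _, c) in product(edges, edges):
                if b == b2 and a != c:
                    new.add((a, prop, c))
        new -= graph
        if not new:
            return graph
        graph |= new


def transposing_countries(graph, directive):
    """Countries whose national measures implement the directive.

    Only finds anything on an inferred graph, because the data records
    ex:transposes and the query asks for the broader ex:implements.
    """
    countries = set()
    for measure, _, _ in match(graph, p="ex:implements", o=directive):
        for _, _, country in match(graph, s=measure, p="ex:country"):
            countries.add(country)
    return sorted(countries)


def amended_by(graph, measure):
    """All measures that amend `measure`, directly or via the transitive closure."""
    return sorted(s for s, _, _ in match(graph, p="ex:amends", o=measure))


if __name__ == "__main__":
    g = infer(TRIPLES)
    print("derived triples:", sorted(g - TRIPLES))
    print("transposed in:", transposing_countries(g, "ex:dir-2001-29"))
    print("be-wet-2005 amended by:", amended_by(g, "ex:be-wet-2005"))
```

The point the example makes is that the query asks for ex:implements, a term that never appears in the data; the answer only exists because the ontology relates the vocabularies, which is what allows databases built on different schemas to be searched together.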

Another – still experimental – component of semantic web technology is rule languages and rule inference mechanisms. Obviously, extending the semantic web with legal logic is of great interest to legal informatics researchers.

33 See BIAGIOLI, CARLO et al., “Law Making Environment. Perspectives”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art19.pdf.

34 http://www.one-lex.eu/The%20Project/Mission/Mission.html


2.2.1 Legal RDF

Development of an RDF ‘dictionary’ for the legal domain was the focus of research in the LeXML initiative. The aim was to identify and describe similarities and differences between legal concepts in different languages so that legal documents built up with different DTDs could be exchanged automatically.35

LEXML Network members

• OASIS Member Section LegalXML http://legalxml.org/
• Germany http://www.lexml.de/
• Sweden http://www.juridicum.su.se/lexml/lexml.htm
• Italy http://www.lexml.it/
• The Netherlands http://law.leiden.edu/xml/ (no longer available, see Internet Archive http://web.archive.org/web/20061125172713/http://law.leiden.edu/xml/)
• Spain http://www.uv.es/lexml/
• U.S. http://www.legalxml.org

There appears to have been little development of the Legal RDF dictionary in recent years.

2.2.2 Legal ontologies

Much work is being done on the development of legal ontologies. Legal ontologies describe which concepts are used in the legal field in a machine-readable way. Therefore ontologies form a building block for technologies that aim to translate legal texts, policies and legal knowledge in general into machine-readable form.

Further reading

• RYAN, HENRY et al., “Ontology-Based Platform for Trusted Regulatory Compliance Services”, In X. (ed.), On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops, Volume 2889, Lecture Notes in Computer Science, Berlin, Springer, 2003, http://dx.doi.org/10.1007/b94345
• KABILAN, VANDANA, JOHANNESSON, PAUL and RUGAIMUKAMU, DICKSON M., “Business Contract Obligation Monitoring through Use of Multi Tier Contract Ontology”, In X. (ed.), On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops, Volume 2889, Lecture Notes in Computer Science, Berlin, Springer, 2003, http://dx.doi.org/10.1007/b94345
• LEHMANN, JOS et al. (ed.), LOAIT - Legal Ontologies and Artificial Intelligence Techniques, Volume 4, IAAIL Workshop Series, Tilburg, Wolf Legal Publishers, 2005
• CASANOVAS, POMPEU et al. (ed.), Stanford, CA, USA, Stanford University, 2007, http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-321/
• RUBINO, ROSSELLA, ROTOLO, ANTONINO and SARTOR, GIOVANNI, “An OWL Ontology of Norms and Normative Judgements”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art13.pdf

35 MULLER, MURK, “Legal RDF Dictionary”, In X. (ed.), Proceedings of XML Europe 2002, 2002, http://www.idealliance.org/papers/xmle02/dx_xmle02/papers/03-04-03/03-04-03.html

JurWordnet

Natural languages are difficult for machines to master for a number of reasons. The exact meaning of a term is often hard to define and quite often shifts over time and according to context. Terms may have more than one meaning, and one meaning can be covered by many synonymous terms. To tackle this particular problem WordNet http://wordnet.princeton.edu/ was developed at Princeton University.

“WordNet® is a large lexical database of English, developed under the direction of George A. Miller. Nouns, verbs, adjectives and adverbs are grouped into sets of cognitive synonyms (synsets), each expressing a distinct concept. Synsets are interlinked by means of conceptual-semantic and lexical relations. The resulting network of meaningfully related words and concepts can be navigated with the browser. WordNet is also freely and publicly available for download. WordNet’s structure makes it a useful tool for computational linguistics and natural language processing.”36

Legal terminology is based in common language; however, in the legal field common words often get a more specific meaning. The JurWordnet http://www.ittig.cnr.it/Ricerca/UnitaEng.php?Id=11&T=4 project aims to create a WordNet for the legal field which is connected to the generic WordNet.

WordNets can be used to support information retrieval technology or for automatic production of metadata.37

36 http://wordnet.princeton.edu/

Further reading

• MILLER, GEORGE A., “WordNet: A lexical database for English”, Communications of the ACM, vol. 38 1995, Nr. 11
• VOSSEN, PIEK, EuroWordNet: A Multilingual Database with Lexical Semantic Networks, Dordrecht, Kluwer Academic Publishers, 1998
• FELLBAUM, CHRISTIANE, WordNet: An electronic lexical database, Cambridge, Mass., MIT Press, 1998

LOIS

An obvious next step, though challenging to realize, is the creation of multilingual WordNets. This was the aim of the LOIS project:

“The main objective of LOIS http://www.ittig.cnr.it/Ricerca/UnitaEng.php?Id=70&T=4 is the localization of WordNets describing the legal domain into 6 different European languages, namely Italian, English, German, Czech, Portuguese and Dutch. The synsets (or concepts) of these WordNets will be linked across them, in such a way to guarantee cross lingual access to European legislation and other legal documents (such as court cases). The citizen and/or the professional user will then be enabled to enter queries to a legal documentation base into his/her language and retrieve also documents written in different languages.”38

Further reading

• PETERS, WIM, SAGRI, MARIA-TERESA and TISCORNIA, DANIELA, “The structuring of legal knowledge in LOIS”, Artificial Intelligence and Law, Vol. 15 2007, Nr. 2
• TISCORNIA, DANIELA, “The Lois Project: Lexical Ontologies for Legal Information Sharing”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art14.pdf
• TISCORNIA, DANIELA, “Metadata for Content Description”, I Quaderni, 2005, Nr. 18, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf
• AJANI, GIANMARIA et al., “Multilingual Conceptual Dictionaries Based on Ontologies”, In BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art12.pdf

37 http://www.ittig.cnr.it/Ricerca/materiali/JurWordNet/UsingJurWordNet.htm

38 LOIS http://www.ittig.cnr.it/Ricerca/UnitaEng.php?Id=70&T=4

IPronto: ontology for IPR

The ultimate goal of developing legal ontologies is to allow for automated processing of information with legal significance. A prime candidate for early adoption of such technology is the intellectual property domain. The rules governing intellectual property, copyright in particular, are harmonized worldwide to a high degree. The content industry has a great interest in automatically controlling use of its intellectual property, as can be seen in the large investments already made in copy and use controlling techniques. User resistance to such techniques aside, a major criticism of current control mechanisms is precisely that they do not follow legal boundaries, notably where the application of copyright exemptions is concerned. The use of legal ontologies holds much promise in this respect.

“Ontologies are so expressive that they will be able to capture a great amount of the underlying legal framework and combine it with the usage models typical in RELs initiatives. Therefore, it will be possible to develop a copyright ontology that takes into account copyright law together with the common usage patterns of copyrighted content.

Ontologies have the additional benefit of facilitating evolvability and interoperability. Therefore, a copyright ontology can be defined with the required level of detail for a given application context and evolve later in order to cope with new situations and requirements. And these new requirements are going to appear for sure due to the dynamism of digital technologies and global networks and markets.

On the other hand, it is quite unlikely that there is going to be just a one-fits-all solution for rights expressions representation. Therefore, interoperability is going to be a key issue and ontologies an opportunity. As ontologies do not constrain the way things are written down, i.e. the grammar, but just what are we talking about, i.e. the semantics, it is easier to interoperate. A copyright ontology will thus also facilitate interoperability among different RELs. Moreover, it will be easily enriched with the semantics that will be reused from existing initiatives, which will facilitate the development of the copyright ontology, its validation and enable it as a key tool for DRM interoperability and integration.”39

The IPronto http://dmag.upf.edu/ontologies/ipronto/ project builds upon web ontologies “to facilitate the automation and interoperability of IPR frameworks integrating both parts, called Rights Expression Language and Rights Data Dictionary. These objectives can be accomplished using ontologies, that can provide the required definitions of the rights expression language terms in a machine-readable form. Thus, from the automatic processing point of view, a more complete vision of the application domain is available and more sophisticated processes can be carried out. Moreover, the modularity of web ontologies, constituted by concept and relation definitions openly referenceable, allows their free extension and adaptation.”40

IPronto is not being developed in isolation from other initiatives, but builds on previous work.41 The work started in IPronto is being continued in the NewMars http://dmag.upf.edu/newmars/ project, which aims to “develop a multimedia contents e-Commerce platform that manages the Intellectual Property Rights associated to them.”42

Further reading

• DELGADO, JAIME et al., “IPROnto - Intellectual Property Rights Ontology”, ISWC, 2002, http://dmag.upf.edu/ontologies/ipronto/ISWCPoster.pdf
• DELGADO, JAIME et al., “IPROnto: An Ontology for Digital Rights Management”, In BOUNCIER, D. (ed.), Legal Knowledge and Information Systems, Jurix 2003, Amsterdam, IOS Press, 2003, http://www.jurix.nl/, op. cit. (as in n. 41)
• GARCÍA, ROBERTO, GIL, ROSA and DELGADO, JAIME, “Intellectual Property Rights Management using a Semantic Web Information System”, In X. (ed.), OTM Confederated International Conferences, CoopIS, DOA, and ODBASE 2004, Lecture Notes in Computer Science, Berlin, Springer, 2004, 3291
• GARCÍA, ROBERTO, A Semantic Web Approach to Digital Rights Management, Barcelona, Spain, Department of Technologies, Universitat Pompeu Fabra, 2005, http://rhizomik.net/~roberto/thesis/, op. cit. (as in n. 39)
• GARCÍA, ROBERTO, GIL, ROSA and DELGADO, JAIME, “A web ontologies framework for digital rights management”, Artificial Intelligence and Law, Vol. 15 2007, Nr. 2, http://dx.doi.org/10.1007/s10506-007-9032-6

39 GARCÍA, ROBERTO, A Semantic Web Approach to Digital Rights Management, Barcelona, Spain, Department of Technologies, Universitat Pompeu Fabra, 2005, http://rhizomik.net/~roberto/thesis/, p. 106. In his thesis, the author models a single legal system as it is at a specific point in time. How to deal with changes of the rules or to address differences amongst legal systems is outside the work’s scope.

40 http://dmag.upf.edu/ontologies/ipronto/

41 DELGADO, JAIME et al., “IPROnto: An Ontology for Digital Rights Management”, In BOUNCIER, D. (ed.), Legal Knowledge and Information Systems, Jurix 2003, Amsterdam, IOS Press, 2003, http://www.jurix.nl/.

42 http://dmag.upf.edu/newmars/

2.2.3 Legal Logic

Descriptions of concepts and the links between them alone are not enough to allow for automated processing of legal information. A method to express legal rules or legal logic in machine-readable form is required. This is being researched in a number of projects.

Further reading

• VAN ENGERS, T. et al., “POWER: Using UML/OCL for Modeling Legislation - an application report”, In X. (ed.), Proceedings of the 8th International Conference on Artificial Intelligence and Law (ICAIL 2001), New York, ACM, 2001
• KERRIGAN, SHAWN and LAW, KINCHO H., “Logic-based regulation compliance-assistance”, New York, ACM Press, 2003, 126–135

RuleML

RuleML http://ruleml.org/ is an XML-based language for the representation of rules. It offers facilities to specify different types of rules, from derivation rules to transformation rules to reaction rules. RuleML is developed by the Rule Markup Initiative, which aims to develop RuleML as the canonical Web language for rules using XML markup, formal semantics, and efficient implementations.43

In their paper ‘Modelling Contracts Using RuleML’, Governatori and Rotolo use RuleML to develop a conceptual representation of contracts. From a contract in natural language they distill the obligations and rules in a computer-readable form, thus allowing for automated monitoring.44

43 See RuleML Mission Statement, http://ruleml.org

“Business contracts are mutual agreements between two or more parties engaging in various types of economic exchanges and transactions. They are used to specify the obligations, permissions and prohibitions that the signatories should hold responsible for and to state the actions or penalties that may be taken when any of the stated agreements is not being met. Given the increasing efforts by organisations to carry out their business via the Internet, it is crucial to model contracts in terms of workflows, so that all relevant tasks of contracts can be described as business processes, where business processes are defined by business rules, statements or policies listed in business contracts or other legal documents that are used by organisations to run the activities, to provide an understanding of how a business operates, and to direct the behaviour of the organisation.”45

From monitoring contract execution to compliance with internal policies is just a small step. Exactly how RuleML could be used to support compliance monitoring is beyond the scope of this report.

REALM: Regulations Expressed As Logical Models

REALM http://www.zurich.ibm.com/csc/security/compliance.html is a project that has automated support of compliance as its main goal:

“Recent years have seen a number of high-profile incidents of corporate accounting fraud, security violations, terrorist acts, and disruptions of major financial markets. This has led to a proliferation of new regulations that directly impact businesses. As a result, businesses, in particular publicly traded companies, face the daunting task of complying with an increasing number of intricate and constantly evolving regulations. Together with the growing complexity of today’s enterprises this requires a holistic compliance management approach with the goal of continually increasing automation. We introduce REALM (Regulations Expressed as Logical Models), a metamodel and method for modeling regulations and managing them in a systematic lifecycle in an enterprise. We formalize regulatory requirements as sets of compliance rules in a novel real-time temporal object logic over concept models in UML, together with metadata for traceability. REALM provides the basis for subsequent model transformations, deployment, and continuous monitoring and enforcement of compliance in real business processes and IT systems.”46

44 GOVERNATORI, GUIDO and ROTOLO, ANTONINO, “Modelling Contracts Using RuleML”, In GORDON, T. (ed.), Legal Knowledge and Information Systems, Jurix 2004, Amsterdam, IOS Press, 2004, http://www.jurix.nl/pdf/j04-16.pdf.

45 GOVERNATORI and ROTOLO, Modelling Contracts Using RuleML, op. cit., p. 141.

Further reading

• GIBLIN, C. et al., “Regulations Expressed as Logical Models (REALM)”, In MOENS, MARIE-FRANCINE and SPYNS, PETER (ed.), Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems, Brussels, Jurix, 2005, op. cit.

• PFITZMANN, BIRGIT, POWERS, CALVIN and WAIDNER, MICHAEL, IBM’s Unified Governance Framework (UGF) Initiative, Zurich, IBM Research Division, 2007, IBM Research Report RZ 3699, http://www.zurich.ibm.com/pdf/csc/rz3699_UGF-whitepaper.pdf

• IBM Governance & Compliance http://www.zurich.ibm.com/csc/security/compliance.html.

ALIS project

One of the objectives of the ALIS project http://www.alisproject.eu is to support regulatory compliance in the field of intellectual property rights.

“ALIS will check whether actions and decisions of Government Departments are compliant with the applicable legal and regulatory framework, by resorting to information technologies, knowledge representation, computational logics and formal reasoning. The same technologies may also serve individuals and private companies.

Furthermore, ALIS will analyze compliance with respect to different systems of laws and regulations, thus pointing out the potential contradictions that may occur when several systems of laws and regulations need to be taken into account simultaneously.

The benefits of regulatory compliance for the actors under consideration are:

1. Minimization of legal risk, and hence of possibly high expenses to cover these risks

2. Cost reduction at the level of the judicial system

3. Better governance at the governmental level

4. Harmonisation of best practices at the European level.”47

46 GIBLIN, C. et al., “Regulations Expressed as Logical Models (REALM)”, In MOENS, MARIE-FRANCINE and SPYNS, PETER (ed.), Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems, Brussels, Jurix, 2005, p. 1.

Further reading

• CEVENINI, CLAUDIA et al., “Development of the ALIS IP Ontology: Merging Legal and Technical Perspectives”, In X. (ed.), Computer-Aided Innovation (CAI), IFIP International Federation for Information Processing, Boston, Springer, 2008, http://dx.doi.org/10.1007/978-0-387-09697-1_14

Policy aware web

“Policy awareness is a property of the Web that will provide users with accessible and understandable views of the policies associated with resources, enable agents to act in response to rules on a user’s behalf, thereby making compliance with stated rules easier, and afford a greater opportunity for accountability when rules are intentionally or accidentally broken.”48

There are quite a few initiatives developing new technologies for expressing information policies on the web. Characteristic for these initiatives is that they deal with a specific domain (privacy, copyright, identity or access control), depending on the needs of the community in question. At their core these vertical new technologies deal with the same three entities: people, content and permissions. Iannella et al. propose that semantic web technology should allow for the development of a policy framework that captures the commonalities between these policy languages whilst supporting the specific needs of each.49 The main challenges for such a policy framework are how to arrive at an abstract model for the policy framework, how to create representations of the model and further how to then implement this model in concrete applications.50

47 Alis Project Website, Regulatory Compliance, http://www.alisproject.eu/index.php?option=com_content&task=view&id=41&Itemid=68

48 WEITZNER, DANIEL J. et al., “Transparency and End-to-End Accountability: Requirements for Web Privacy Policy Languages”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, p. 2.

49 IANNELLA, RENATO, HENRICKSEN, KAREN and ROBINSON, RICKY, “A Policy Oriented Architecture for the Web: New Infrastructure and New Opportunities”, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/05-ianella-policy-oriented-architecture, p. 2.

50 IANNELLA, HENRICKSEN and ROBINSON, W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, op. cit., p. 3.


Further reading

• WEITZNER, DANIEL J. et al., “Transparency and End-to-End Accountability: Requirements for Web Privacy Policy Languages”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, op. cit.

• IANNELLA, RENATO, HENRICKSEN, KAREN and ROBINSON, RICKY, “A Policy Oriented Architecture for the Web: New Infrastructure and New Opportunities”, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/05-ianella-policy-oriented-architecture, op. cit.


Chapter 3

Evidence

Simply put, evidence must answer questions that go along the lines of who, what, why, when, where and how. Electronic evidence has challenged existing legal practices with respect to collection, production and evaluation of proof. In the discussion of electronic evidence, two distinct legal domains can be discerned: one is cyber-crime and the other is electronic transactions in a broad sense. Though electronic records management, as a business process, falls within the scope of the latter, insights gained in the former can be instructive.

There appears to be no general consensus on a definition of electronic evidence. Evidence is considered to be all information by which facts tend to be proved. Evidence is thus the means by which the facts constituting an offence or surrounding a transaction can be proved.1 Electronic evidence then can be defined as any information obtained from an electronic device or digital medium which serves to convince of the truth of a fact or action.2

Electronic evidence is not intrinsically different from other types of evidence; however, the fragility and the transience of many forms of computer evidence raise additional concerns.3 In order to guarantee the authenticity of the records it contains, an electronic records management system must implement appropriate information security techniques. Regulatory compliance monitoring and enforcement too is likely to use similar techniques. In this sense, taking a look at digital forensics seems appropriate.

1 See LEROUX, OLIVIER, “Legal admissibility of electronic evidence”, International Review of Law, Computers & Technology, Vol. 18 2004, Nr. 2, p. 196 ff.

2 Compare with X. (ed.), The admissibility of electronic evidence in court: fighting against high-tech crime, Barcelona, Cybex, 2006, http://www.cybex.es/agis2005/docs/libro_aeec_en.pdf

3 KARYDA, MARIA and MITROU, LILIAN, “Internet forensics: legal and technical issues”, Proceedings of the second International Workshop on Digital Forensics and Incident Analysis 2007; LEROUX, International Review of Law, Computers & Technology Vol. 18 [2004], op. cit.; EUROPE, RAND (ed.), Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries – Study for the European Commission, Directorate-General Information Society, 2002.

3.1 Digital Forensics

Traditionally, forensic science or forensics in the broad sense is the use of science to answer legal questions, though the term is most commonly used in the narrower sense of scientific analysis of evidence gathered in criminal investigations.4 Digital forensics is the analysis of evidence in digital form, though the term is used both for official criminal investigations and for private investigations of wrong-doings.

“Digital forensic investigations (DFIs) are commonly employed as a post-event response to a serious information security or criminal incident. They typically consider the case when the PC of a suspect has been seized. The hard-drive is imaged and an investigation proceeds to search for traces of evidence. The examination is conducted in a systematic, formalised and legal manner to ensure the admissibility of the evidence. The process of a digital forensic investigation is subject to considerable scrutiny of both the integrity of the evidence [Sommer 1998]5, and the integrity of the investigation process [Stephenson 2002, 2003b]6.”7

“Internet forensics involve the recognition, recovery and reconstruction of digital evidence and its management in a way that renders it admissible in prosecution and – more generally – in legal proceedings.”8

“Procedural problems arise from the lack of standardization, as well as the lack of theoretical framework for the field of digital forensics. Using ad-hoc methods and tools for the elicitation of digital evidence can limit the reliability and credibility of the evidence, especially in a crime prosecution process where both the evidence and the processes used for collecting it can be disputed.”9

4 See Merriam-Webster Dictionary, http://www.m-w.com.

5 SOMMER, P., “Intrusion Detection Systems as Evidence”, In X. (ed.), Proceedings of Recent Advances in Intrusion Detection 1998, 1998, http://www.raid-symposium.org/raid98/Prog_RAID98/Full_Papers/Sommer_text.pdf

6 STEPHENSON, P., “A Comprehensive Approach to Digital Incident Investigation”, Information Security Technical Report, Vol. 8 2003, Nr. 2, http://dx.doi.org/10.1016/S1363-4127(03)00206-1; STEPHENSON, P., “Using Evidence Effectively”, Computer Fraud and Security, 2003, Nr. 3, http://dx.doi.org/10.1016/S1361-3723(03)03012-4

7 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], p. 1.

8 KARYDA and MITROU, Proceedings of the second International Workshop on Digital Forensics and Incident Analysis 2007, referring to MITRAKAS, ANDREAS, ZAITCH DAMIEN, “Law, Cybercrime and digital forensics: Trailing Digital Suspects”, In KANELIS, PANAGIOTIS, KIOUNTOUZIS EVANGELOS KOLOKOTRONIS NICHOLAS DRAKOULIS MARTAKOS (ed.), Digital Crime and Forensic Science in Cyberspace, London, Idea Group, 2006.

Once an incident has occurred and an investigation has to be undertaken, it is too late to ensure that systems are able to provide sufficient and reliable evidence of the facts. Organisations must prepare for such events beforehand to keep the cost of investigations within reasonable limits, yet still be in a position to procure effective evidence when needed. Rowlingson calls this ‘digital forensics readiness’ and proposes a ten step process to achieve this.10

Further Reading

• AHMAD, A., “The Forensic Chain of Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures”, In X. (ed.), Proceedings of the 6th Pacific Asia Conference on Information Systems, 2002, http://www.dis.unimelb.edu.au/staff/atif/AhmadPACIS.pdf

• STEPHENSON, P., “End-to-End Digital Forensics”, Computer Fraud and Security, 2002, Nr. 9, http://dx.doi.org/10.1016/S1361-3723(02)00914-4

• STEPHENSON, P., “Using Evidence Effectively”, Computer Fraud and Security, 2003, Nr. 3, http://dx.doi.org/10.1016/S1361-3723(03)03012-4, op. cit.

• WOLFE, HENRY B., “Evidence Analysis”, Computers & Security, Vol. 22 2003, Nr. 4, http://dx.doi.org/10.1016/S0167-4048(03)00404-8

• ROWLINGSON, ROBERT, “A Ten Step Process for Forensic Readiness”, International Journal of Digital Evidence, vol. 2 2004, Nr. 3, http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A-156F501C49CF5, op. cit.

• ENFSI (ed.), Guidelines for Best Practice in the Forensic Examination of Digital Technology, ENFSI, 2006, http://www.enfsi.eu/uploads/files/ENFSI_Forensic_IT_Best_Practice_GUIDE_5%5B1%5D.0.pdf

• MITRAKAS, ANDREAS, ZAITCH DAMIEN, “Law, Cybercrime and digital forensics: Trailing Digital Suspects”, In KANELIS, PANAGIOTIS, KIOUNTOUZIS EVANGELOS KOLOKOTRONIS NICHOLAS DRAKOULIS MARTAKOS (ed.), Digital Crime and Forensic Science in Cyberspace, London, Idea Group, 2006, op. cit.

• KARYDA, MARIA and MITROU, LILIAN, “Internet forensics: legal and technical issues”, Proceedings of the second International Workshop on Digital Forensics and Incident Analysis 2007, op. cit.

9 KARYDA and MITROU, Proceedings of the second International Workshop on Digital Forensics and Incident Analysis 2007, op. cit.

10 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit.

3.1.1 Digital archiving readiness

Where forensic readiness – in the context of enterprise security – can be defined as “the ability of an organisation to maximise its potential to use digital evidence whilst minimising the costs of an investigation”11, digital archiving readiness could similarly be defined as “the ability of an organisation to maximise its potential to use digital records whilst minimising the costs of proving their authenticity”.

Aims12:

• To gather admissible evidence legally and in the normal course of business processes;

• To gather evidence targeting the potential disputes that may adversely impact an organisation;

• To ensure that evidence makes a positive impact on the outcome of any legal action.

Steps13:

• Define the business scenarios that require digital evidence.

• Identify available sources and different types of potential evidence.

• Determine the evidence collection requirement.

• Establish a capability for securely gathering legally admissible evidence to meet the requirement.

• Establish a policy for secure storage and handling of potential evidence.

• Train staff in digital archiving practices, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.

Define the business scenarios that require digital evidence

Predicting what kind of evidence one may need in the future can be very difficult to do. However, haphazardly recording information about some parts of business processes and not others is a very risky strategy. It makes more sense to analyse the organisation’s business processes to find out what (digital) evidence they require, either because it is a legal requirement, a contractual one or an internal one.14

11 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 5.

12 Analogous to some of the aims of digital forensic readiness, as viewed by Rowlingson, ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 9.

13 Analogous to some of the steps towards digital forensic readiness, as listed by Rowlingson, ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 9.

If afterwards the analysis proves to have been insufficient, for instance through a failure to procure evidence in court, the plan can be adjusted for the future.

Ideally, for all the records being preserved by an organisation, it should be known why they are created and preserved, e.g. demonstrating compliance with regulations, evidence of contractual agreements, ...

At the same time, the organisation should be confident that records are being created and preserved to fulfill all evidence needs.

As far as documentation goes, there is interest in linking records management policies to the evidence requirements they fulfill. Whenever the requirements change, e.g. laws are modified or contracts amended, the relevant policies can be changed as well.

Identify available sources and different types of potential evidence

Some basic questions need to be asked about possible evidence sources, including15:

• Where is data generated?

• What format is it in?

• For how long is it stored?

• How is it currently controlled, secured and managed?

• Who has access to the data?

• How much is produced?

• Is it archived? If so where and for how long?

• How much is reviewed?

• What additional evidence sources could be enabled?

• Who is responsible for this data?

• Who is the formal owner of the data?

• How could it be made available to an investigation?

• To what business processes does it relate?

• Does it contain personal information?

“Email is an obvious example of a potential rich source of evidence that needs careful consideration in terms of storage, archiving, auditing, and retrieval. But this is not the only means of communication used over the Internet. There is also instant messaging, web-based email that bypasses corporate email servers, chat rooms and newsgroups, and even voice over the Internet. Each of these may need preserving and archiving. A worst case scenario has some of this traffic encrypted.”16

14 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 10.

15 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 11.

Records, as a byproduct of business processes, are one category of evidence. The strength of such evidence often rests on the fact that it has been collected according to standard documented business procedures.17

A different source of evidence stems from monitoring or surveillance of user activities. Monitoring is usually cited as a means to deter and/or detect crime18; however, it may also play an important role in enforcement of business policies, for instance with respect to archiving of records and compliance. Monitoring touches upon the right to privacy and other human rights of those subjected to it, thus care must be taken to ensure it is done legally.19

Determine the evidence collection requirement

A gap analysis between evidence needs and available sources, as well as a cost benefit analysis comparing the costs of collecting the evidence required and the projected benefits, should be conducted.20

On the benefit side:

• Can the evidence make an impact on the likely success of any formal action?21

• Can the evidence be gathered legally without infringing employee rights?22

On the cost side23:

• Cost of monitoring (including tools and staff-time)

• Cost of secure storage

• Cost of organising potential evidence – by classifying, indexing and preparation

• Cost and implications of retrieval if evidence is demanded by a court

16 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 11.

17 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 12.

18 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 12.

19 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 12.

20 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 13.

21 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 13.

22 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 13.

23 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 13.


Establish a capability for securely gathering legally admissible evidence to meet the requirement.

This step makes a start with the implementation of measures for digital archiving readiness. Firstly, measures must ensure that available evidence is collected from the relevant sources and that it is preserved as an authentic record. A preliminary question is whether the evidence can be collected in a legal manner.24 Once collected, appropriate security measures are required to ensure integrity of evidence.25

Establish a policy for secure storage and handling of potential evidence.

Evidence is generally called upon only after the lapse of a certain amount of time, months or even years after it was collected.

“The objective of this step is to secure the evidence for the longer term once it has been collected and to facilitate its retrieval if required. It concerns the long-term or off-line storage of information that might be required for evidence at a later date.”26

“A policy for secure storage and handling of potential evidence comprises security measures to ensure the authenticity of the data and also procedures to demonstrate that the evidence integrity is preserved whenever it is used, moved, or combined with new evidence. At all times it must be in a tamper-proof (or tamper-evident state). This corresponds to the use of evidence bags in the physical world. Access to the evidence is controlled and anyone requiring an evidence bag must sign it in and sign it back with the contents unchanged. In the parlance of investigators this is known as continuity of evidence (in the UK) and chain of custody (in the US). The chain of custody also includes records of who held, and who had access to, the evidence (for example from swipe control door logs).”27
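The tamper-evident storage and chain of custody described in the quoted passage can be made concrete in code. The following is an added example, not taken from the report or from Rowlingson: a hash-chained custody log in which each handling event (collect, sign out, sign in, move) commits to the previous entry, so that a later edit or deletion of an entry, or an item signed back in with changed contents, is detected on verification. The entry fields, the action vocabulary and the sample e-mail export are constructed assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, field, asdict
from typing import Dict, List, Tuple

GENESIS_HASH = "0" * 64

# Constructed sample content: a small exported e-mail used as the evidence item.
SAMPLE_EXPORT = (b"From: alice@example.invalid\r\n"
                 b"To: bob@example.invalid\r\n"
                 b"Subject: order 4711 confirmed\r\n\r\nConfirmed.\r\n")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    seq: int            # position in the log; gaps or reordering are detectable
    action: str         # "collect", "sign-out", "sign-in", "move" (assumed vocabulary)
    actor: str          # who held or accessed the item (e.g. from access control records)
    item_id: str        # constructed evidence item identifier
    content_hash: str   # SHA-256 of the item's content at the time of the event
    timestamp: str      # ISO 8601 time as recorded by the archiving system
    prev_hash: str      # entry_hash of the previous entry (GENESIS_HASH for the first)
    entry_hash: str = field(default="")

    def compute_hash(self) -> str:
        # Hash every field except entry_hash itself, in a canonical JSON encoding.
        body = asdict(self)
        body.pop("entry_hash")
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return sha256_hex(canonical.encode("utf-8"))


class CustodyLog:
    def __init__(self) -> None:
        self.entries: List[CustodyEntry] = []

    def append(self, action: str, actor: str, item_id: str,
               content: bytes, timestamp: str) -> CustodyEntry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS_HASH
        entry = CustodyEntry(len(self.entries), action, actor, item_id,
                             sha256_hex(content), timestamp, prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, List[str]]:
        """Check sequence numbers, the hash chain, each entry's own hash, and
        that an item signed back in carries the same content hash as when it
        was last recorded (the 'contents unchanged' rule of the evidence bag)."""
        problems: List[str] = []
        prev = GENESIS_HASH
        last_hash: Dict[str, str] = {}
        for i, e in enumerate(self.entries):
            if e.seq != i:
                problems.append(f"entry {i}: sequence gap or reordering")
            if e.prev_hash != prev:
                problems.append(f"entry {i}: chain link broken")
            if e.entry_hash != e.compute_hash():
                problems.append(f"entry {i}: entry modified after recording")
            if e.action == "sign-in" and last_hash.get(e.item_id) not in (None, e.content_hash):
                problems.append(f"entry {i}: {e.item_id} returned with changed contents")
            last_hash[e.item_id] = e.content_hash
            prev = e.entry_hash
        return (not problems, problems)


def build_sample_log() -> CustodyLog:
    """Constructed scenario: an e-mail export collected, then signed out and back in."""
    log = CustodyLog()
    log.append("collect", "records-officer", "EXP-0001", SAMPLE_EXPORT, "2008-09-01T09:00:00Z")
    log.append("sign-out", "auditor", "EXP-0001", SAMPLE_EXPORT, "2008-09-03T10:15:00Z")
    log.append("sign-in", "auditor", "EXP-0001", SAMPLE_EXPORT, "2008-09-03T11:40:00Z")
    return log


if __name__ == "__main__":
    ok, problems = build_sample_log().verify()
    print("chain intact" if ok else "\n".join(problems))
```

The log only proves integrity relative to its own entries; to stand as evidence the latest entry hash still has to be anchored somewhere the log's custodian cannot rewrite (a printed register, a time-stamping service, a write-once medium).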

Train staff in digital archiving practices

Records management technologies support business activities, which are still to a large degree human activities. If the people in an organisation do not follow archiving policies, no amount of sophisticated information technology can rectify this. Training staff is essential so that all those involved understand their role in the digital archiving process, including some of the legal issues concerning evidence.28

24 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 15.

25 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 15.

26 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 16.

27 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 17.

3.2 Burden of proof

The notion ‘burden of proof’ signifies two things in a legal dispute:

1. Who must deliver proof to support a claim?

2. Who loses his claim when failing to provide sufficient proof? (= risk of proof)

When the proof consists of records in a wide sense, a major issue is who possesses the relevant records: the claimant, the defendant or a third party. Each of these persons must consider whether they may, may not or must hand over evidence to the court and/or other parties involved, taking into consideration applicable regulatory and contractual obligations.

In Anglo-Saxon legal systems, making available of evidence is regulated under the rules of discovery. Though continental European legal systems generally do not have a comparable set of rules, some form of duty of cooperation in delivery of evidence often exists.

Further reading

• BERGER, CHRISTIAN, “Beweisführung mit elektronischen Dokumenten”, NJW, 2005, Nr. 15

• MASON, STEPHEN, “Archiving and storing e-mails - The legal and practical issues”, Computer Law & Security Report, vol. 24 2008, Nr. 2, http://dx.doi.org/10.1016/j.clsr.2007.09.004

• The Sedona Conference http://www.thesedonaconference.org/

3.3 Admissibility of evidence

Each country has its own rules regarding the admissibility of evidence in court. Common to most countries is that matters of fact may be proven with any available means of evidence. Where there are restrictions as to the form of admissible evidence, these usually only apply to purposeful legal acts (e.g. contracts, declarations, ...). The reason is quite straightforward: facts such as accidental occurrences, scientific observations and the acts of others are not subject to the control of the person who must deliver the proof. This person does not have the opportunity to create reliable evidence as the events unfold, unlike in the case of intentional acts.

28 ROWLINGSON, International Journal of Digital Evidence vol. 2 [2004], op. cit., p. 21.

In evidence laws two major systems can be identified, the regulated and the free evidence regime. The regulated evidence regime entails that the law lists which kinds of evidence are permissible as evidence. For instance, the French Civil Code stipulates that only a signed act is sufficient evidence of contracts (except for those representing a low monetary value). Digital files that bear no kind of legal signature, transcripts of chat sessions, etc. may in principle not be presented before the courts. Note that even in more or less strictly regulated evidence regimes, the proof of merely factual matters is open to all kinds of evidence.

In other legal systems, notably the Anglo-Saxon inspired systems, there is no predetermined list of admissible evidence. However, evidence must conform to a number of principles, for instance relevancy or the ‘best evidence rule’, otherwise it is discarded.29

Multinationals face the difficult task of designing their work processes with admissibility requirements of different jurisdictions in mind. If complying with all of them completely proves impossible, choices must be made based on which requirements cost too much to implement in comparison to the projected benefits. It may be cheaper to lose a law suit for lack of sufficient evidence now and again, than to ensure that all evidence is collected and stored for a significant period of time.

Here too, linking the evidence collection and handling policy of an organisation to the legal provisions and principles on which it is based would be a great step forward. For one, if the legal foundations are modified later, the organisation can easily identify which policies may need adaptation. Providing such links may be just as valuable or even more so when policies do not comply with the legal provisions of a country. In such a case the possible consequences of non-compliance can be noted, as well as the reasons for maintaining a non-compliant policy.
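The linking of policies to the evidence requirements and legal provisions they rest on, proposed in 3.1.1 and again here, amounts to a traceability register. The block below is an added example (not part of the report or of any project it cites) of such a register in Python: each policy records the provisions it implements and, for a knowingly non-compliant policy, the documented reason, so that amending a provision yields the policies to review and provisions no policy covers show up as gaps. All provisions, policies and identifiers are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Provision:
    pid: str       # constructed identifier of the legal or contractual provision
    source: str    # the statute, regulation or contract it comes from
    summary: str   # one-line statement of what it requires


@dataclass
class Policy:
    name: str
    based_on: Set[str]                                        # provisions this policy implements
    deviations: Dict[str, str] = field(default_factory=dict)  # provision -> documented reason for not complying


class TraceabilityRegister:
    """Links records/evidence policies to the provisions they are based on."""

    def __init__(self, provisions: List[Provision], policies: List[Policy]) -> None:
        self.provisions = {p.pid: p for p in provisions}
        self.policies = {p.name: p for p in policies}
        referenced: Set[str] = set()
        for pol in policies:
            referenced |= pol.based_on | set(pol.deviations)
        unknown = referenced - set(self.provisions)
        if unknown:  # a dangling link would hide a policy from later change analysis
            raise ValueError(f"policies reference unknown provisions: {sorted(unknown)}")

    def policies_for(self, pid: str) -> List[str]:
        """Policies to review when provision `pid` is amended or repealed,
        including those that knowingly deviate from it."""
        return sorted(name for name, pol in self.policies.items()
                      if pid in pol.based_on or pid in pol.deviations)

    def uncovered_provisions(self) -> List[str]:
        """Provisions no policy claims to implement: a gap in the evidence needs."""
        covered: Set[str] = set()
        for pol in self.policies.values():
            covered |= pol.based_on
        return sorted(set(self.provisions) - covered)

    def documented_deviations(self) -> Dict[str, Dict[str, str]]:
        """Non-compliant policies with the recorded reason per provision."""
        return {name: dict(pol.deviations)
                for name, pol in self.policies.items() if pol.deviations}


def build_sample_register() -> TraceabilityRegister:
    """Constructed sample data; the first provision paraphrases the signed-act example above."""
    provisions = [
        Provision("EVID-SIGNED-ACT", "Civil Code (regulated evidence regime)",
                  "contracts above a low monetary value are proven by a signed act"),
        Provision("RETAIN-MAIL", "sector regulation (constructed)",
                  "business e-mail must be archived for a fixed retention period"),
        Provision("CONTRACT-ACCESS-LOG", "customer contract clause (constructed)",
                  "access to customer data must be logged for the contract term"),
    ]
    policies = [
        Policy("e-signature-on-contracts", {"EVID-SIGNED-ACT"}),
        Policy("mail-archiving", {"RETAIN-MAIL"}),
        Policy("chat-transcripts", set(),
               deviations={"EVID-SIGNED-ACT": "chat logs are kept for factual matters only; "
                                              "accepted risk that they cannot prove a contract"}),
    ]
    return TraceabilityRegister(provisions, policies)


if __name__ == "__main__":
    reg = build_sample_register()
    print("review on change of EVID-SIGNED-ACT:", reg.policies_for("EVID-SIGNED-ACT"))
    print("provisions without a policy:", reg.uncovered_provisions())
```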

3.4 Probative value of digital evidence

Once evidence has been accepted by the court as admissible, the question remains how convincing the judge will find it. Authenticity of evidence is key. Being able to give sufficient assurances about the integrity is a great factor in determining the probative value of records.29 Also the identity of the records – what are they and in which context were they created – is of great importance.

29 About UK evidence rules, see KEARSLEY, AMANDA J., “Electronic Document Management, Legal admissibility of evidence held in electronic form”, Computer Law & Security Report, Vol. 15 1999, Nr. 3. About U.S. rules see KENEALLY, ERIN E., “Digital logs - proof matters”, Digital Investigation, 2004, Nr. 1, http://www.elsevier.com/locate/diin.

In some instances, the law itself may determine the weight to be attached to evidence through

legal presumptions. For instance, the observations made by officers of the police or other official

agents may be legally presumed to be true, except in very special circumstances. This is the case

in Belgium for instance for the observations a notary makes and records in notarial deeds, e.g.

time, date and location of the transaction, identity of the parties, ... As Trusted Third Parties

become more common in all kinds of business transactions, their assertions as to the date of

transactions, the identity of parties or the integrity of records may one day also benefit from

such legal presumptions of truthfulness. This will depend of course on who the TTP is and

which guarantees for trustworthiness they present.

Legal presumptions determining probative value are exceptional and only hold in the jurisdiction

of their origin. Records and/or assertions contained in them which are presumed truthful in one

country, in all likelihood do not have such status in other countries.

“Trustworthy records are vital to an organization. These records help to improve an organization’s operations and aid in reducing its liability and costs. The fundamental purpose of record keeping is to establish solid proof and details of events that have occurred. A trustworthy record management system is, therefore, one that can be relied upon to provide irrefutable evidence of all of the events that have been logged. In other words, trustworthiness has to be established on an end-to-end perspective, from the proper preservation of all of the records to the subsequent delivery of the relevant records to an agent seeking the proof. In this white paper, we show that the current limited focus on storing electronic records in Write-Once-Read-Many (WORM) storage is not adequate to ensure that such records are trustworthy. What is really needed is a process we call fossilization – a holistic approach to storing and managing records that ensures that they are trustworthy. Fossilization is composed of three parts. The first, fossilization of storage, guarantees that all records and their associated metadata are reliably stored and securely protected from any modification. The second, fossilization of discovery, ensures that all preserved records pertinent to an enquiry can be quickly discovered and retrieved. The third, fossilization of delivery, warrants that the exact pertinent records are delivered to the agent and that the records are delivered in an intact form. Because of the extremely high stakes involved in tampering with the records, fossilization must be realized very securely. The essential principles for securely implementing fossilization include 1) raising the barrier to any attack; 2) focusing on end-to-end trust; 3) limiting what has to be trusted; 4) using a simple, well-defined interface between trusted and untrusted components; and 5) verifying all operations.”30

• ROSSNAGEL, ALEXANDER, PFITZMANN, ANDREAS, “Der Beweiswert von E-Mail”, NJW, 2003, Nr. 17

• BECKER, ARND, Elektronische Dokumente als Beweismittel im Zivilprozess, Frankfurt, Peter Lang, 2004

• HSU, WINDSOR W. and ONG, SHAUCHI, Fossilization: A Process for Establishing Truly Trustworthy Records, IBM Almaden Research Center, 2004, IBM Research, http://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/02da1cea05c6c61, op. cit. (as in n. ??)

• ZHU, QINGBO, HSU, WINDSOR W., “Fossilized Index: The Linchpin of Trustworthy Non-Alterable Electronic Records”, In X. (ed.), International Conference on Management of Data archive. Proceedings of the 2005 ACM SIGMOD international conference on Management of data, New York, ACM Press, 2005, http://portal.acm.org/citation.cfm?id=1066157.1066203

• HOFFMANN, MATHIS, “Der Beweiswert elektronischer Dokumente”, DSWR, 2006, Nr. 3

• KLEIN, SUSANNE, “Die Beweiskraft elektronischer Verträge. Zur Entwicklung der zivilprozessrechtlichen Vorschriften über die Beweiskraft elektronischer Dokumente”, JurPC Web-Dok. 2007, Nr. 198

3.4.1 Probative value of (digital) copies

Digital technology has provoked a renewed interest in the probative value of copies of original documents. In the first instance, many organizations have sought to replace extensive collections of paper documents with digital copies. More and more, the necessity of converting original digital files into preservation formats and the impact of this conversion on legal and probative value is coming to the forefront.

In many countries, the probative value of copies is dealt with in a piecemeal fashion. In Belgium, for instance, various institutions – both public and private – benefit from a ‘copy privilege’: the copies of documents they make or have made under their authority have the same probative value as the originals.

30 HSU, WINDSOR W. and ONG, SHAUCHI, Fossilization: A Process for Establishing Truly Trustworthy Records, IBM Almaden Research Center, 2004, IBM Research, http://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/02da1cea05c6c61.


Very few countries have a comprehensive regulatory approach in place. One such rare example

is the Republic of Slovenia. The Slovenian Protection of Documents and Archives and Archival

Institutions Act (PDAAIA)31 contains provisions regarding the procedure for the conversion of

documents (see section III Documents PDAAIA) and the probative value of the resulting copies

(see Art. 31 ff. PDAAIA in particular).32

3.5 Standards

Though there are a great number of standards that relate to records management, only relatively

few address legal admissibility and probative value specifically. The British Standards Institute

has issued a number of standards on information and records management, and notably a code

of practice addressing admissibility and evidential weight of electronic records was published.

The first version of the code of practice dates back to 1996 and was revised in 1999. The current

version dates from 2004.

• BSI DISC PD0008:1996 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000000734901 Code of Practice for Legal Admissibility of Information Stored on Electronic Document Management Systems

• BSI DISC PD0008:1999 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030001674 Code of Practice for The Legal Admissibility and Evidential Weight of Information Stored Electronically

• BIP 0008-1:2004 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030104568 Code of Practice For The Legal Admissibility Of Information Stored Electronically and BIP 0009-1 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030107409 Compliance workbook

The code of practice was extended in 2005 with a section on electronic communication of information and one on the linking of electronic identity to documents.

• BIP 0008-2:2005 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030132417 Code of practice for legal admissibility and evidential weight of information communicated electronically and BIP 0009-2:2006 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030146667 Compliance Workbook.

• BIP 0008-3:2005 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030132418 Code of practice for legal admissibility and evidential weight of linking electronic identity to documents and BIP 0009-3:2006 http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030146651 Compliance Workbook.

31 See http://www.arhiv.gov.si/en/archival_regulations_and_standards/ for an English translation of the act.

32 See HAJTNIK, TATJANA, “Maintaining legal value of a record throughout their lifecycle”, DLM Forum Meeting, Ljubljana, 8-9 April 2008, 2008, http://dlmforum.typepad.com/Slovenia_Hajtnik.pdf.

The BSI has announced it will issue a revised version in September 2008 after a period of

public review. The new standard will address issues relating to the authenticity and integrity of

electronic information which could potentially be used as evidence.33

3.6 Technological tools for capturing and handling evidence

An ambitious research project to develop technological tools to support the capture and management of digital evidence was the CTOSE project. In the wake of the project a non-profit organisation – the CTOSE foundation – was founded; unfortunately, it no longer exists. The project website is partially available at the Internet Archive.34 Possibly, one of the industry partners – Qinetiq35 – may have incorporated the research results into its products and services.

• The CTOSE process model and guidelines focus on the approach to handling potential electronic evidence, which includes the sub-processes: identification, collection, tamper-free storage, restricted and controlled access, analysis, judicial presentation and documentation of electronic evidence, while taking into consideration the requirements of security, privacy, and due legal process. One of the project’s major goals was to identify and extend best practices, bringing together law enforcement agencies and civilian investigators, and carrying this into industry to create a network of experts from all disciplines and sectors.36

33 BSI Media Release, 2 May 2008, http://www.bsi-global.com/en/About-BSI/News-Room/BSI-News-Content/Disciplines/Information-Management/Legal-admissibility-DPC/

34 http://www.archive.org.

35 http://www.qinetiq.com/home/security.html

36 CTOSE CONSORTIUM, CTOSE Project Results, 2003, http://web.archive.org/web/*hh_/www.ctose.org/ResultsPaperv6.pdf, p. 1.

The CTOSE project deliverables were:

• CTOSE Methodology Model

• Legal Advisor

• Process Model

• C*CAT – Cyber Crime Advisory Tool

• Forensic Readiness Guidelines

• Forensic Autopsy Tool with XML bindings

• CTOSE Demonstrator

• Project Story Board

CTOSE Methodology Model

The Methodology Architecture Model was used to produce the very detailed investigative Process Model and Forensic Readiness Guidelines.

The model recognizes four distinct states in the evidence cycle, which are each addressed in the

Forensic Readiness Guidelines:

• Preparation Phase (setting up the information system)

• Running Phase (normal state)

• Awareness Phase (a problem arises, e.g. dispute)

• Investigation Phase (investigate incident)

• Learning Phase (incorporate lessons learned into system)

Forensic Readiness Guidelines define forensic readiness as “systematic advance action to prepare and install the components, systems and procedures needed to enable a company, in an efficient and cost-effective manner, to find, conserve and produce satisfactory evidence when an incident occurs.”37

The guidelines identify 10 steps:

• Identify potential sources & different types of available evidence.

• Ensure monitoring is targeted.

• Decide which crimes and disputes electronic evidence may be required for.

• Specify the circumstances when escalation to a full investigation is required.

• Train staff, to ensure all understand the legal consequences of incidents.

• Determine the evidence requirement.

• Establish a secure logging capability for the electronic evidence requirement.

• Plan forensic procedures and adopt suitable internal/external standards.

• Set up a policy for the secure storage and handling of logs.

• Ensure that data are legally collected.

37 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 8.

The Investigative Process Model also covers the different phases of the methodology model:

preparation, running, assessment, investigation and learning phase. The process model defines

the flow of actions and decisions which have to be considered or executed in the case of an IT

incident.38 An electronic version of the investigative process model comprising a flow chart

model of all actions, decisions and the relationships between them was developed. This tool was

called C*CAT (Cyber Crime Advisory Tool), but does not appear to be available anywhere.

Legal Advisor

Within the CTOSE project a legal advisory tool was developed with the objective of ensuring that

evidence can be produced which is admissible and has probative value in court. Unfortunately,

the tool does not appear to be available anymore. What follows is the published description of

the legal advisory tool:

“The legal requirements which cover the gathering of electronic evidence depend on the nature of the court or tribunal to which this evidence is to be submitted:

Criminal Court – firmly set in statute and case law and specified in the Member States’ penal codes, developed through time for the physical world and now thrust into the electronic. The objective of a criminal court is to determine whether the accused person has committed a crime and to punish the wrongdoer accordingly.

Civil Court – set in tort, contract and property law for disputes between individuals (persons or companies) with an increasing amount of electronic evidence now involved in company disputes. Adjudication is given upon evidence presented and a remedy is provided.

Tribunal or Extra-judicial – defined in industrial relations law and mediation and arbitration procedures. These instances range from tribunals which adjudicate in labour law disputes between employees and their employers to extra-judicial mediation and arbitration hearings for dispute resolution between companies.

The rules for the procedure and acceptance of evidence are somewhat different for these different bodies, and for their instantiation in different countries: the elements of the evidence and the burden of proof can vary considerably. This fact, combined with the international nature of the Internet, means that an investigator may well find himself handling evidence to be presented to a tribunal whose rules of evidence are quite unfamiliar to him. It is therefore essential to have a uniform approach to electronic evidence processing and handling. Criminal courts tend to have the most stringent requirements for evidence gathering and admissibility, because of the burden of proof required (e.g. in English law “beyond reasonable doubt”, in French law “la conviction intime”). For this reason, LE bodies accustomed to producing evidence for criminal courts, and accustomed to ensuring a satisfactory chain of custody, have made a significant contribution to the project by contributing advice and “best practice”.

The Legal Expert Tool (Figure 3) is an on-line advisory tool for the investigator. It works interactively, asking questions and using the answers to offer the user guidance on national penal and privacy laws, to ensure that the evidence produced will be admissible, convincing, and legally gathered.”39

38 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 5.

Forensic Autopsy Tool (FAT)

Another tool developed within CTOSE was the FAT (Forensic Autopsy Tool). Electronic evidence has important legal aspects. In order to be presented to a court, it must be authenticated as being:40

• Authentic - this evidence is indeed what it is claimed to be; it has not been tampered with.

• Complete - there is nothing missing which could contribute to the understanding of the points under discussion.

• Trustworthy - this evidence has been collected and handled in such a way that there can be no doubt about its authenticity and veracity.

“The FAT was developed from an open source tool created by Brian Carrier from

@stake and Purdue University. The tool addresses the problems outlined above;

the team further enhanced it by developing an XML format to package an item of

evidence, and display a time line report.”41

39 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 4.

40 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 10.

41 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 10.

FAT can be used for log file analysis:

“The FAT can be used to recover all possible logs from different sources. There is as yet no standard format for logs, nor for security reporting, and therefore it is not possible to entirely automate log file analysis. However the CTOSE project has developed a set of requirements for log file analysis tools”42:

• The tool should recognise the event structure of the log file.

• The tool should allow scanning / analysing of the events recorded using a configurable built-in database (which permits updating).

• The tool should warn the user when it encounters unknown or suspicious events, and ask for a classification of these.

• The tool should produce a statistical report covering critical, high, medium, and low level security events, including an explanation of the classification criteria.

• The tool should allow the sorting and filtering of events as well as output of the result into a specific user-defined file format.

• The tool should log any input-output error.

• The tool should provide clear and secure documentation of the user’s actions.

In the particular – but very common – case of analysis of log files from different sources there

are the following further requirements:

• The tool should aggregate all the logs from all the different sources.

• The tool should enable mapping each log file onto its corresponding node in the network (with

the network topology displayed graphically).

• The tool should allow filtering of the logs, keeping only events of a given specification.

• The tool should display a sorted time-line list of all the events gathered.

The FAT addresses these problems. However, the challenge is significant, and although the project has developed a beta tool, further effort is required before it is fully ready for roll-out.
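As an added illustration, not code from the CTOSE project or the FAT itself, the following Python sketch implements a subset of the log-analysis requirements listed above on constructed sample logs from two hypothetical hosts. It checks each line against an assumed event structure, classifies events with an updatable severity table, warns on unknown events, records unreadable lines as input errors, merges both sources into one sorted and filterable time line, counts events per severity level, and documents the tool's own actions (including a SHA-256 fingerprint of each input) in an audit list.

```python
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample logs from two hypothetical hosts (fw01, srv01); not real data.
FIREWALL_LOG = """\
2008-09-01T10:02:11Z fw01 DROP src=10.0.0.5 dst=192.0.2.10 dport=22
2008-09-01T10:02:15Z fw01 ACCEPT src=10.0.0.7 dst=192.0.2.10 dport=443
2008-09-01T10:03:00Z fw01 FOOBAR src=10.0.0.9 dst=192.0.2.10 dport=23
"""
AUTH_LOG = """\
2008-09-01T10:01:59Z srv01 AUTH_FAIL user=alice
2008-09-01T10:02:40Z srv01 AUTH_OK user=alice
this line has no recognisable event structure
"""

# Configurable classification table (event name -> severity). A real tool would
# keep this in an updatable database; here it is a dict copied per analysis run.
DEFAULT_SEVERITY = {"DROP": "medium", "ACCEPT": "low",
                    "AUTH_FAIL": "high", "AUTH_OK": "low"}
LEVELS = ("critical", "high", "medium", "low")

# Assumed event structure: "<ISO-8601 UTC timestamp> <host> <EVENT_NAME> <details>".
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<event>[A-Z_]+)\s*(?P<rest>.*)$")


@dataclass(order=True)
class Event:
    ts: datetime          # first field, so sorting Events yields the time line
    host: str
    event: str
    detail: str
    severity: str
    source: str


@dataclass
class Analysis:
    table: dict = field(default_factory=lambda: dict(DEFAULT_SEVERITY))
    events: list = field(default_factory=list)
    unknown: list = field(default_factory=list)    # warnings about unknown events
    io_errors: list = field(default_factory=list)  # lines the tool could not read
    audit: list = field(default_factory=list)      # documentation of tool actions

    def ingest(self, source: str, text: str) -> None:
        """Read one log source; every input is fingerprinted in the audit trail."""
        digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
        self.audit.append(f"ingest source={source} sha256={digest}")
        for lineno, line in enumerate(text.splitlines(), 1):
            m = LINE_RE.match(line)
            if m is None:
                self.io_errors.append(f"{source}:{lineno}: unrecognised event structure")
                continue
            try:
                ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            except ValueError:
                self.io_errors.append(f"{source}:{lineno}: bad timestamp {m['ts']!r}")
                continue
            ts = ts.replace(tzinfo=timezone.utc)
            severity = self.table.get(m["event"])
            if severity is None:
                self.unknown.append(f"{source}:{lineno}: unknown event {m['event']!r}")
                severity = "unclassified"
            self.events.append(Event(ts, m["host"], m["event"], m["rest"], severity, source))

    def classify(self, event: str, severity: str) -> None:
        """Record the user's classification of an unknown event (updates the table)."""
        if severity not in LEVELS:
            raise ValueError(f"severity must be one of {LEVELS}")
        self.table[event] = severity
        for e in self.events:
            if e.event == event:
                e.severity = severity
        self.audit.append(f"classify event={event} severity={severity}")

    def timeline(self, **filters) -> list:
        """Time-sorted events from all sources, optionally filtered (e.g. host='fw01')."""
        return sorted(e for e in self.events
                      if all(getattr(e, k) == v for k, v in filters.items()))

    def report(self) -> dict:
        """Number of events per severity level, plus those still unclassified."""
        counts = Counter(e.severity for e in self.events)
        return {level: counts.get(level, 0) for level in LEVELS + ("unclassified",)}


def analyse_samples() -> Analysis:
    """Run the tool over the two constructed sources above."""
    analysis = Analysis()
    analysis.ingest("fw01.log", FIREWALL_LOG)
    analysis.ingest("srv01-auth.log", AUTH_LOG)
    return analysis


if __name__ == "__main__":
    a = analyse_samples()
    for e in a.timeline():
        print(e.ts.isoformat(), e.host, e.event, e.severity, e.detail)
    print("report:", a.report())
    print("warnings:", a.unknown)
    print("I/O errors:", a.io_errors)
    a.classify("FOOBAR", "critical")   # the user answers the tool's warning
    print("audit:", *a.audit, sep="\n  ")
```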

CTOSE Demonstrator and Project Story Board

In order to demonstrate the commercial viability of the CTOSE research results, the CTOSE

demonstrator and project story board were developed.

“The CTOSE Demonstrator shows the methodology applied in a realistic commercial setting. The demonstrator includes three scenarios, which were developed in consultation with the SIG to show the range of challenges arising from high-tech crime. The demonstrator shows these three attack scenarios being handled both with and without the CTOSE methodology.”43

“The Story Board is a portable demonstration and sales tool, with some 250 interconnected slides and actions.”44

42 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 11.

Further reading

• FRINGS, S. et al., “Cyber Crime Advisory Tool - C*CAT: a holistic approach to electronic evidence processing”, Proceedings of the 10th International Conference on Human-Computer Interaction, 3 2003

• ROWLINGSON, ROBERT, “A Ten Step Process for Forensic Readiness”, International Journal of Digital Evidence, vol. 2 2004, Nr. 3, http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A-156F501C49CF5

• DINANT, JEAN-MARC, “The long way from electronic traces to electronic evidence”, International Review of Law, Computers & Technology, Vol. 18 2004

• LEROUX, OLIVIER, “Legal admissibility of electronic evidence”, International Review of Law, Computers & Technology, Vol. 18 2004, Nr. 2

• PEREZ ASINARI, MARIA VERONICA, “Legal constraints for the protection of privacy and personal data in electronic evidence handling”, International Review of Law, Computers & Technology, Vol. 18 2004, Nr. 2

• BROUCEK, VLASTI, TURNER, PAUL and FRINGS, SANDRA, Music piracy, universities and the Australian Federal Court: Issues for forensic computing specialists, 2005, 21, http://dx.doi.org/10.1016/j.clsr.2005.01.014

• SATO, O, BROUCEK, V and TURNER, P., “Electronic evidence management for computer incident investigations: a prospect of CTOSE”, Security Manage, 2005, Nr. 18

• BROUCEK, VLASTI and TURNER, PAUL, “Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research”, Journal in Computer Virology, Vol. 2 2006, Nr. 1

43 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 11.

44 CTOSE CONSORTIUM, CTOSE Project Results, op. cit. (as in n. ??), p. 12.

Chapter 4

Legal Metadata

A concise introduction to metadata and its role in electronic records management can be found in FRANKS, PAT and KUNDE, NANCY, “Why metadata matters”, The Information Management Journal, Sept/Oct 2006.

ISO has issued a standard for records metadata: ISO 23081 – Metadata for records. This standard is an extension of ISO 15489 (Information and documentation – Records management) and is intended to help people understand metadata from a records management perspective, not to develop a new metadata set. The standard gives a definition of records management metadata and describes its purpose. It describes roles and responsibilities in assigning and maintaining metadata.

Over the years, a large number of metadata schemas and standards have been created. Like records themselves, metadata must be tailored to the particular business activity that generates or uses them. Considering the diversity in business activities, the number of metadata schemas in use comes as no surprise. With the networked society, the desire to interchange information and records efficiently has given rise to more interest in ensuring interoperability of metadata.

Researching the progress in metadata standardization in general is outside the scope of this

deliverable. A snapshot of important metadata standards was made by the MetaMap project.1

Efficiently developing standards-compliant metadata schemas for particular environments and

then reusing them for other business activities was the subject of the Clever Recordkeeping

Metadata Project.2

1 http://www.mapageweb.umontreal.ca/turner/meta/accueil.html.

2 http://infotech.monash.edu.au/research/groups/rcrg/crkm/index.html.

“The aim was to bring together researchers and practitioners to investigate how standards-compliant metadata could be created once in particular application environments, then used many times to meet a range of business and recordkeeping purposes. The project wished to explore how to move away from the current resource intensive process of manual metadata attribution and stand-alone systems, towards an integrated suite of business systems and processes supporting recordkeeping functions.”3

Though many metadata schemas exist, only few focus specifically on legal metadata. A major

obstacle to overcome is of course the great disparity between legal systems amongst various

countries and regions. Striving for one standardized set of legal metadata that would be valid

around the globe is an unachievable goal. Interoperability of legal metadata schemas is a more

realistic objective. The section on Legal Informatics discussed the state of research on those

technologies that hold promise for an interoperable legal metadata framework.

In what follows, two legal domains – data protection and copyright – are discussed in more

detail. Copyright is an issue that affects virtually every organisation, though some more than

others. It is also one of the rare legal domains that has globally harmonized rules to such a

degree. Finally, a number of metadata schemas exist that refer to copyright directly or indirectly.

These schemas are briefly reviewed from the angle of compliance.

Data protection is not as highly harmonized as copyright; there are notable differences in the level of protection between countries. In the EU a comprehensive and harmonized data protection regulation exists, which has inspired a number of other countries to enact similar rules. No metadata schemes dealing with privacy and data protection have emerged in the course of this state-of-the-art review. Therefore the discussion centers around requirements for such a metadata schema, taking the EU data protection rules as the starting point.

4.1 Data protection

At present there appears to be no metadata schema in existence to capture information relevant to data protection in records management, even though much research is devoted to building privacy protection into computer systems at various levels through Privacy-Enhancing Technologies.4 Privacy-Enhancing Technologies (PET) encompass all the technical controls that can be used to protect personal data, including the design of the information systems architecture.5 Much research has been devoted to privacy-friendly identity management systems6 or languages to express privacy preferences on the web.7

3 http://infotech.monash.edu.au/research/groups/rcrg/crkm/index.html.

4 See for instance the EU Commission’s page on Privacy Enhancing Technologies: http://ec.europa.eu/information_society/activities/privtech/index_en.htm.

In what follows the EU data protection rules are the focus of attention and it is from these rules

that the list of questions to be addressed in records management is derived.

• Which data protection laws apply (jurisdiction)?

• Is there personal data present in the records?

• Is there ‘sensitive data’ present in the records?

• Do I have legitimate grounds for processing the data?

• Why am I (still) processing this data?

• How am I processing my data?

• What is my data quality assurance policy?

• What is my data security policy?

• Is my data crossing borders?

Each of these questions is discussed below. As these questions are very high level, it is quite

possible that they will apply with little or no modification to data protection regulations from

outside the EU. This is a subject for future research and/or validation in practice.

Notably, the U.S. does not have a general data protection regime in place at present; however, sector-specific privacy rules do exist.8 For instance, in the medical sector, health records are protected by the Health Insurance Portability and Accountability Act of 1996. U.S. Federal agencies are subject to the Privacy Act of 1974.9

Canada has separate privacy laws for the public and private sectors. The public sector is governed by the Privacy Act and Access to Information Act 1983. A federal privacy law for the private sector was introduced in 2000: The Personal Information Protection and Electronic Documents Act (PIPEDA).

5 BORKING, JOHN, “Privacy Rules, A Steeple Chase For Systems Architects”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, p. 1.

6 See for an example the Prime research project https://www.prime-project.eu/ and the following Prime-Life project (http://www.primelife.eu/).

7 See P3P, http://www.w3.org/P3P/.

8 For an overview see MARCUS, J. SCOTT, CARTER, KENNETH and ROBINSON, NEIL, E.A., Comparison of Privacy and Trust Policies in the Area of Electronic Communications, Bad Honnef, wik-Consult GmbH, 2007, http://ssrn.com/abstract=1086929, p. 57-65.

9 This act does not afford protection to foreigners, which no doubt contributes to the European Commission’s finding of an inadequate level of data protection in the U.S.


Before delving into the questions themselves a few key terms from the data protection domain are defined. Then a real world example of a multinational grappling with data protection compliance is presented, which will serve to illustrate key points further on.

4.1.1 Data protection terminology

As is the case in many legal domains, a specific terminology is used in the field of data protection.

For a better understanding of what follows, a few key terms are explained.

The data subject is the person about whom data is being processed.

Processing covers the entire life cycle of data, from collection and registration through to destruction of data. The EU Data Protection Directive refers to collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.10

The data controller is the person or organization in charge of the processing of data. The criterion used in the EU to identify the data controller is who determines, alone or jointly with others, the purposes and means of the processing of personal data.11 Anyone who works on behalf of the data controller is a processor.

4.1.2 Learning from the experience of others: the SWIFT case

SWIFT is an industry-owned cooperative supplying secure, standardised messaging services and interface software to over 7,800 financial institutions worldwide. SWIFT is solely a messaging intermediary for transmitting secure and confidential financial messages between financial institutions. SWIFT is not a bank, nor does it hold accounts of any customers.[12]

SWIFT is a company based in Belgium with subsidiaries in many countries, including Australia, Brazil, Switzerland, Germany, Spain, France, the United Kingdom, Hong Kong, Ireland, Italy, Japan, Luxembourg, Sweden, Singapore, South Africa, and the United States. SWIFT has two data centres, one located in the EU and the other in the United States. All data is mirrored on both locations as a back-up measure.[13]

[10] Art. 2 b EU Data Protection Directive.

[11] Art. 2 d EU Data Protection Directive.

[12] Swift Press Release, “SWIFT statement on compliance policy”, June 23rd 2006, http://www.swift.com/index.cfm?item_id=59897

[13] Article 29 Working Party Opinion 10/2006, p. 8.


An article appeared in the June 23 edition of the New York Times, the Wall Street Journal and other U.S. journals on terrorism investigations and the role of SWIFT, sparking media debate on the issue of data protection and data transfer in Europe and the U.S.

Personal data collected and processed via the SWIFT network for international money transfers had been provided to the United States Department of the Treasury (“UST”) since the end of 2001, in response to compulsory administrative subpoenas under American law for terrorism investigation purposes. Under US law, an administrative subpoena is an order from a government official to a third party, instructing the recipient to produce certain information.[14] The subpoenas addressed to SWIFT were very wide in scope, materially, territorially and in the period of time under scrutiny.[15]

SWIFT negotiated with the UST on how it would organise its compliance with the subpoenas, and claims to have received “significant protections and assurances as to the purpose, confidentiality, oversight and control of the limited sets of data produced under the subpoenas.”[16]

The messages of interest to the UST contain the names of the beneficiary of a bank transfer and of the ordering customer, and information about the transfer itself, in a structured or unstructured form.[17] Clearly this constitutes personal data within the meaning of Directive 95/46/EC on Data Protection. When the processing of personal data is carried out by an organization established on the territory of an EU Member State, its data protection rules apply.[18]

“The critical decisions on the processing of personal data and transfer of data to the UST were decided by the head office in Belgium. As a consequence, the processing of personal data by SWIFT is subject to Belgian law, implementing the Directive, regardless of where the data processing takes place.”[19]

Given SWIFT’s level of autonomy in dealing with the personal data in its possession, SWIFT must be regarded as a ‘data controller’ upon whom all the data protection obligations are incumbent, and not merely a data processor operating under the supervision and responsibility of another entity.[20] The Belgian Data Protection Authority ruled on the case at hand on September 27th 2006.

[14] Article 29 Working Party Opinion 10/2006, p. 8.

[15] Article 29 Working Party Opinion 10/2006, p. 8.

[16] Swift Press Release, “SWIFT statement on compliance policy”, June 23rd 2006, http://www.swift.com/index.cfm?item_id=59897

[17] Article 29 Working Party Opinion 10/2006, p. 8.

[18] Art. 4 §1 a of the EU Data Protection Directive.

[19] Article 29 Working Party Opinion 10/2006, p. 9.

[20] Article 29 Working Party Opinion 10/2006, p. 10.


Given the high-profile nature of the case, the European Commission decided to follow the case as well, in collaboration with the Member States. Notably, the question arose whether banks affiliated with SWIFT are in compliance with their national laws on data protection when they use the system for the processing of payments.

The inquiries of the various EU data protection agencies were coordinated in the Article 29 Working Party, which resulted in the publication of Opinion 10/2006.

The Article 29 Working Party states that “By deciding to mirror all data processing activities in an operating centre in the US, SWIFT placed itself in a foreseeable situation where it is subject to subpoenas under US law.” The fact that compliance with the US subpoenas is mandatory and lawful in the US does not excuse SWIFT from its obligations under Belgian law.

Though the Data Protection Directive and the Belgian Data Protection Act state that data processing has legitimate grounds when it is imposed by a legal obligation to which the controller is subject, this does not cover foreign rules from outside the EU.[21]

The European Commission has issued clarification on safeguards to be put in place by a recipient of personal data in a third country, so that transfer may occur even if the level of protection offered by legislation is insufficient. The documents address transfers from a data controller to a data controller, from a data controller to a processor[22] and transfers within multinationals.[23]

4.1.3 Jurisdiction: which data protection laws apply?

Organizations operating strictly on the territory of one country must comply with the data protection rules of that country, and in principle of that country alone. Organizations established in a single country but operating across national borders may have to take into account data protection legislation from different countries. Multinationals by definition must comply with the laws of more than one country.

When it comes to the territorial scope of laws, there is no uniform way to determine which country’s law applies to the exclusion of all others. In the end, a country can more or less arbitrarily determine the territorial reach of its laws (enforcement being a different matter). In practice, there must usually be some connection to a country before its laws will apply (e.g. activity on the country’s territory or by a country national, ...).

[21] Article 29 Working Party Opinion 10/2006, p. 18.

[22] See http://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/index_en.htm.

[23] Article 29 Working Party Working document WP 74, “Transfers of personal data to third countries: Applying Article 26(2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers”, adopted by the Working Party on 3rd June 2003, and further complementary documents WP 107 and WP 108.


The reach of the EU Data Protection Directive does not depend on whether the data subject is an EU citizen or not. Nor is it decisive whether the records reside in the EU or whether the processing occurs in the EU. The reach of the EU Data Protection Directive depends primarily on whether the data controller is established in an EU Member State. Each Member State shall apply its national data protection provisions when data processing is carried out in the context of the activities of an establishment of the controller on its territory.[24] Secondarily, the Member States must apply data protection rules to any processing of data occurring on their territory, even if the data controller is not established in the EU.[25] Knowing which jurisdictions apply will also tell which data protection authorities have oversight over an organization’s data processing activities, as well as any requirements to notify data protection authorities of the fact that data processing is planned.

In the SWIFT case, the contested processing of personal data (handing over personal data to the UST) occurred in the U.S. However, the Belgian Data Protection Act is deemed applicable to SWIFT’s decisions regarding data processing, wherever the actual processing occurs, because SWIFT is established in Belgium.

Companies established in the U.S. and processing data in the U.S. usually have nothing to fear from EU data protection regulation. However, if a U.S. company starts collecting and processing personal data in the EU, it must take into account EU data protection rules.

4.1.4 Is there personal data present in the records?

Ascertaining whether or not records contain personal data is not an easy task. Furthermore, different countries have different legal definition(s) of what personal data is.

In theory, the definition is harmonised amongst all the EU Member States; in practice the interpretation differs.[26] There is little debate where data about identified persons is concerned: this is obviously personal data. Where to draw the line between indirectly identifiable personal data and truly anonymous or non-personal data is a source of discord. The root of the discussion is the effort required to identify the data in question. Recital 26 of the EU Data Protection Directive states that “account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person”. Belgium has taken this to mean that as long as someone out there can identify the data, it is personal data to which the law applies, no matter how unlikely it is that this person would cooperate with the data controller. A similar position is held by the Swedish and French data protection authorities. Other countries, like Germany, focus on the effort it would cost the data controller himself to identify the data, including the cost or difficulties in enlisting the help of others.

[24] By extension, when a Member State’s law is applied outside its territory by virtue of the rules of international public law, e.g. on ships or airplanes operating under a country’s flag, the data protection rules must be applied there as well. Art. 4 EU Data Protection Directive.

[25] Art. 4 EU Data Protection Directive.

[26] Article 29 Working Party, Opinion 4/2007 on the concept of personal data, June 2007.

4.1.5 Is there ‘sensitive data’ present in the records?

The EU Data Protection Directive affords more stringent protection to “sensitive data”, which is data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership and data concerning health or sex life. The processing of sensitive data is only allowed on grounds explicitly mentioned in Art. 8 (2)-(7) of the EU Data Protection Directive. Again, the Member States may differ slightly in their implementation of this more stringent protection regime for personal data.

Most of the data processed by SWIFT would not qualify as sensitive data, though exceptions are possible. Payment of a membership fee to a trade union could be considered ‘sensitive data’ under the EU Data Protection rules, especially if the included free text portion explicitly states it is the payment of a membership fee. No doubt examples for the other types of sensitive data exist as well.

An organisation will need to consider at which level of granularity it can safely make the assessment of whether sensitive data is involved. Is it necessary to tag individual records as containing sensitive data, or can a tag be added at series or collection level? Is there a difference from one country to the other?

4.1.6 Do I know about whom I’m processing personal data?

One might assume that if an organisation processes personal data, it must know exactly about whom. However, this is not necessarily so, since the legal definition of personal data covers all data that can be tied to a person, whether or not this person is already identified or only potentially identifiable. An analysis of the level of data subject identification in the organisation can clarify to which degree data subjects are identified or identifiable.[27]

[27] With regard to database design, see GOUNARIS, ANASTASIOS and THEODOULIDIS, BABIS, “Data Base Management Systems (DBMSs): Meeting the requirements of the EU data protection legislation”, International Journal of Information Management, 23 2003, Nr. 3, http://dx.doi.org/10.1016/S0268-4012(03)00023-9, p. 189.


The personal data processed by SWIFT in its financial transfer messages is almost exclusively data about identified persons. Bank account numbers are generally linked to identified persons, with the exception perhaps of bank account numbers owned by legal persons. Possibly, free text portions of financial transfer messages may contain personal data about persons who are not identified but may be identifiable.

A secondary question is whether or not I am able to tie together all dispersed personal data I have about one person, if required. The EU Data Protection Directive requires a data controller to be able to inform each data subject as to whether or not data relating to him are being processed, as well as to communicate in an intelligible form the data being processed (right of access).[28] The report given in response to an access request must contain additional information about why and how data is being processed, as will be discussed further on.

4.1.7 Do I have legitimate grounds for processing the data?

The EU Data Protection Directive prohibits processing of personal data unless the controller has legitimate grounds to do so. Legitimate grounds are one of the following:

“Art. 7 Member States shall provide that personal data may be processed only if:

• (a) the data subject has unambiguously given his consent; or

• (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or

• (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or

• (d) processing is necessary in order to protect the vital interests of the data subject; or

• (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed; or

• (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Art. 1 (1).”[29]

[28] Art. 12 EU Data Protection Directive.

[29] Art. 7 EU Data Protection Directive.


It should be noted that particular instances of data processing may fall under different legitimacy grounds. This is important, as the ground of legitimacy which applies also determines the limits of permissible data processing.

In the SWIFT case, the Belgian DPA made a distinction between the regular operation of its service and the transfer of data to the UST in response to subpoenas. Processing bank transfer statements exchanged between member banks was deemed legitimate because it was done in the execution of a contract with the member banks (who in turn have a contractual relation with the data subject).[30]

With respect to the transfer of data to the UST, the Belgian DPA rejected the grounds of compliance with a legal obligation, considering that foreign rules from outside the EU are not covered.[31] This position is in line with a previous opinion of the Article 29 Working Party and was later confirmed by the subsequent opinion on the SWIFT case.[32] Both the Belgian DPA and the Article 29 Working Party did accept the grounds of legitimate interests pursued by SWIFT,[33] however both found SWIFT to be in breach of data protection regulation due to the circumstances of how the transfer to the UST was handled.

If my ground for legitimacy is ‘unambiguous consent’,[34] do I want metadata that points to the actual consent given by a data subject, or only metadata that points to the policy for obtaining such consent? The same data subject may have to give consent several times, for instance because separate consent may be required for processing sensitive data or for transferring data to a third country with an inadequate level of data protection rules.[35] How do I want to deal with this in my metadata schema?

If my ground for legitimacy is ‘(pre-)contractual relationship’, do I want to point to the actual contract or negotiation documentation with the data subject, or only to the business process from which the contract arises?

In case my ground for legitimacy is ‘legal obligation’, do I point directly to the law(s) in question, or to a company policy document interpreting and applying the law, or both?

If ‘vital interests’ of the data subject are the grounds for legitimacy, should metadata point to a document stating which vital interests of the individual are involved, or is a reference to a policy document sufficient?

[30] Belgian DPA, Decision 37 of 2006, p. 16.

[31] Belgian DPA, Decision 37 of 2006, p. 19.

[32] See Article 29 Working Party Opinions 1/2006, p. 8 and 10/2006, p. 18.

[33] Belgian DPA, Decision 37 of 2006, p. 20 and Article 29 Working Party Opinion 10/2006, p. 18.

[34] Regarding the conditions of obtaining consent, notably by automated processes, see BORKING, Privacy Rules, A Steeple Chase For Systems Architects, op. cit. (as in n. ??), p. 10 ff.

[35] GOUNARIS and THEODOULIDIS, International Journal of Information Management 23 [2003], op. cit. (as in n. ??), p. 189.

If ‘task of public interest or exercise of official authority’ is my ground for legitimacy, to what level of detail should this be reflected in metadata?

If ‘legitimate interests’ are the grounds for legitimacy, how can this be captured in metadata? Additionally, to what extent should metadata point to information explaining why, in the business process at hand, the legitimate interests of the data controller are not overridden by the interests of the data subjects?

The banks making use of the SWIFT service to transfer messages in relation to financial transfers between financial institutions have a contractual relation with the client placing the order for the financial transfer. Where the recipient of the financial transfer is concerned, the banks have a legitimate interest in processing his data, at least for the completion of the transfer. Subsequent processing of the recipient’s data by the bank, for instance preservation for a number of years, may be required by law, e.g. accounting laws or anti-money laundering laws.

SWIFT has no direct contractual relation with either the client initiating the financial transfer or the recipient; thus it could at best claim an indirect contractual relationship with the data subjects via the member banks, or rely on ‘legitimate interests’.

Finally, there is a temporal aspect to consider. In particular where consent is the ground for legitimacy, consent may be withdrawn at a certain point by the data subject. This affects the kinds of processing which are still allowed or even required after this occurs. The other grounds for legitimacy may also be valid only for a specific period in time. A legal obligation to preserve records is grounds to process personal data, but only until the preservation term runs out. Determining how long the data controller can claim his legitimate interests prevail over those of the data subject is a delicate issue.
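As an added illustration (not part of the LongRec report or of any system it cites), the following Python sketch records each ground of legitimacy together with the document it points to and its period of validity, so that a records management application can answer, for a given date, whether a purpose is still covered, whether consent has been withdrawn, and whether the record may still be kept in identifiable form; it also addresses the purpose-limitation and retention questions of section 4.1.8. The grounds follow Art. 7 as quoted above; the record, its references, dates and the seven-year retention term are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Grounds of legitimacy of Art. 7 EU Data Protection Directive, as named in the text.
CONSENT = "consent"                            # Art. 7(a)
CONTRACT = "contract"                          # Art. 7(b)
LEGAL_OBLIGATION = "legal_obligation"          # Art. 7(c)
LEGITIMATE_INTERESTS = "legitimate_interests"  # Art. 7(f)


@dataclass
class LegalBasis:
    """One ground of legitimacy attached to a set of personal data.

    `reference` is the pointer the questions above ask about: the consent
    record, the contract, the law or the policy document the ground rests on.
    """
    ground: str
    purpose: str
    reference: str
    valid_from: date
    valid_until: Optional[date] = None   # e.g. the day a preservation term runs out
    withdrawn_on: Optional[date] = None  # consent withdrawn by the data subject

    def covers(self, purpose: str, on: date) -> bool:
        """True if this basis legitimises processing for `purpose` on day `on`."""
        if purpose != self.purpose or on < self.valid_from:
            return False
        if self.valid_until is not None and on > self.valid_until:
            return False
        # Withdrawal only exists for consent; from that day on the ground is gone.
        if self.ground == CONSENT and self.withdrawn_on is not None and on >= self.withdrawn_on:
            return False
        return True


@dataclass
class PersonalDataRecord:
    record_id: str
    data_subject: str
    bases: List[LegalBasis] = field(default_factory=list)

    def grounds_for(self, purpose: str, on: date) -> List[LegalBasis]:
        """Bases still legitimising `purpose` on `on`; an empty list means the
        purpose is not covered (a new, incompatible purpose needs its own ground)."""
        return [b for b in self.bases if b.covers(purpose, on)]

    def retention_status(self, on: date) -> str:
        """'keep' while some basis is live for its own purpose, else 'anonymise':
        identifiable form is allowed only as long as a purpose still needs it."""
        return "keep" if any(b.covers(b.purpose, on) for b in self.bases) else "anonymise"

    def access_report(self, on: date) -> List[str]:
        """Purpose/ground lines for the report answering a right-of-access request."""
        return [f"{b.purpose}: {b.ground} ({b.reference})"
                for b in self.bases if b.covers(b.purpose, on)]


# ISO-date wrappers, convenient for scripts and tests.
def permitted_on(record: PersonalDataRecord, purpose: str, iso_day: str) -> bool:
    return bool(record.grounds_for(purpose, date.fromisoformat(iso_day)))

def status_on(record: PersonalDataRecord, iso_day: str) -> str:
    return record.retention_status(date.fromisoformat(iso_day))

def report_on(record: PersonalDataRecord, iso_day: str) -> List[str]:
    return record.access_report(date.fromisoformat(iso_day))


def build_sample_record() -> PersonalDataRecord:
    """Constructed example: a bank's record of one payment order. Dates,
    references and the seven-year accounting term are illustrative placeholders."""
    return PersonalDataRecord(
        record_id="PAY-0001",
        data_subject="ordering customer",
        bases=[
            LegalBasis(CONTRACT, "execute_transfer", "account agreement ACC-42",
                       valid_from=date(2006, 1, 10), valid_until=date(2006, 1, 12)),
            LegalBasis(LEGAL_OBLIGATION, "accounting_retention", "retention policy RET-7Y",
                       valid_from=date(2006, 1, 10), valid_until=date(2013, 1, 10)),
            LegalBasis(CONSENT, "marketing", "consent record CST-9",
                       valid_from=date(2006, 2, 1), withdrawn_on=date(2007, 6, 1)),
        ],
    )


if __name__ == "__main__":
    rec = build_sample_record()
    for purpose, day in [("execute_transfer", "2006-01-11"), ("execute_transfer", "2006-06-01"),
                         ("marketing", "2007-01-01"), ("marketing", "2007-06-01"),
                         ("disclosure_to_foreign_authority", "2006-06-01")]:
        print(f"{day} {purpose:32s} permitted={permitted_on(rec, purpose, day)}")
    for day in ("2010-01-01", "2014-01-01"):
        print(day, status_on(rec, day), report_on(rec, day))
```

A purpose with no basis of its own (the last line of the loop, mirroring the SWIFT transfer) is reported as not permitted however many other grounds the record carries.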

4.1.8 Why am I (still) processing this data?

All the obligations incumbent upon the data controller hinge upon the purpose for which he is processing personal data.

Personal data may only be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.[36] Personal data should be adequate, relevant and not excessive in relation to the purpose of processing.[37] Being able to make the connection in metadata between (categories of) personal data and the reason for which it is being processed can help ensure that no unnecessary, irrelevant or inadequate data is being processed. If no reason for the data being there is stated, at least the question should be raised as to why it is there in the first place. Obviously, merely referring to a general or vague purpose will offer no guarantees of actual compliance with data protection. Ideally, there should be a link with one or more specific business processes or goals which justify processing of that particular set of personal data. In case a data subject requests access to his personal data, the data controller should be able to explain in the report what the purpose of the processing is, as well as the categories of data concerned.[38]

[36] Art. 6 §1 b EU Data Protection Directive.

[37] Art. 6 §1 c EU Data Protection Directive.

The simplest data processing scenario is one where data is collected from the data subject, processed and then discarded. An example is an organization that holds a survey amongst customers, compiles the results into a report and then discards or anonymizes the source data. In reality, this scenario is rather rare. Usually personal data is obtained either from the data subject or from another source for a specific purpose and preserved. At a later time, the data controller may realise that the same data can be used for other purposes as well and wish to do so. Such reuse or ‘further processing’ is permissible under the EU Data Protection rules only if the new purpose is compatible with the original purpose for which the data was obtained. Note that reuse of data for historical, statistical or scientific purposes shall not be deemed incompatible, insofar as the conditions imposed by the Member States upon such reuse are followed.[39]

Reuse of personal data for a new and incompatible purpose is not illegal per se, but it must be conducted as if one were starting from scratch. A ground for legitimacy must be found (e.g. consent for the new purpose), the data subject must be informed about the data processing, the Data Protection Authority may need to be notified, etc.

SWIFT’s original purpose for processing personal data is to route financial transfer messages between member banks, a purely commercial purpose. Handing over the data to the UST in response to subpoenas for alleged terrorism investigations is an example of further processing which is incompatible with the original purposes.[40] The transfer of data to the UST could have been lawful if SWIFT had complied with the relevant provisions of the Belgian Data Protection Act as if the data in question were freshly collected.[41]

Personal data may be preserved in identifiable form for only as long as it is necessary for the purpose for which it was collected and further processed. After this time, it may only be preserved in anonymized form.[42]

[38] Art. 12 EU Data Protection Directive.

[39] Art. 6 §1 b) EU Data Protection Directive. For an overview of the implementation of this provision by a selection of EU Member States, see IACOVINO, LIVIA and TODD, MALCOLM, “The long-term preservation of identifiable personal data: a comparative archival perspective on privacy regulatory models in the European Union, Australia, Canada and the United States”, Archival Science, vol. 7 2007, Nr. 1, http://dx.doi.org/10.1007/s10502-007-9055-5, p. 112 ff.

[40] See Article 29 Working Party Opinion 10/2006, p. 15.

[41] See Article 29 Working Party Opinion 10/2006, p. 15-16.

The EU Data Protection Directive gives individuals the means to enforce this principle by granting each data subject the right to demand that data held in breach of the data protection rules is erased or blocked from the system.[43] Furthermore, any third parties to whom the data has been disclosed must be notified of the erasure or blocking.[44]

Not only may the data subject demand that personal data processed in breach of the rules is removed, he may even demand that data processed in compliance is no longer used. This is called the data subject’s right to object.[45] The objection must be justified on compelling legitimate grounds relating to the data subject’s particular situation. The Member States may impose further limits on the right to object. The Belgian Data Protection Act does not allow for a right to object when the data processing is required in a (pre-)contractual relationship with the data subject or in light of a legal obligation.[46]

Note that in case the anticipated purpose of the data processing is direct marketing, the data subject may object at will, without the need for any justification.[47]

Without going into the details of when a data subject may object to his data being processed any longer, it is important to consider the impact of such an objection upon records management. Simply deleting information may not be enough, as this alone would not prevent the same person’s data from being collected and processed all over again at a later time. Multinational organizations will need to figure out whether the objection is valid for all data processing activities in the world or region, or whether it only applies to local data processing.

In the SWIFT case, the financial message transfer service was deemed to be regulated by the Belgian Data Protection Act. As a result, any EU citizen would presumably have the right to object to his data being processed for this purpose by SWIFT in accordance with the Belgian Data Protection Act, and not his home country’s act. By contrast, the various sales offices located in the EU countries would probably be subject to local data protection rules for the processing of data about their respective employees.

The data controller should ask himself:

• Do I need this data? Why?

• Do I need all of it?

• Is it sufficient for my needs?

• For how long do I need it?

Ideally, the metadata associated with personal data would quickly lead to the policy documents that answer these questions.

[42] Art. 6 §1 e) EU Data Protection Directive.

[43] Art. 12 b) EU Data Protection Directive.

[44] Art. 12 c) EU Data Protection Directive.

[45] Art. 14 a EU Data Protection Directive.

[46] Art. 12 §2 BDPAct.

[47] Art. 14 b) EU Data Protection Directive.

4.1.9 What is my data quality assurance policy?

The data controller shall take steps to ensure that personal data is accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that data which are inaccurate or incomplete are erased or rectified, taking into account the purposes for which they were collected or for which they are further processed.[48]

The data subject may demand that inaccurate information held about him is either rectified, erased or blocked by the data controller.[49] Additionally, any third parties to whom the data has been disclosed must be notified of the rectification, erasure or blocking, unless this proves impossible or involves a disproportionate effort.[50]

4.1.10 What is my data security policy?

The confidentiality and security of personal data must be protected with all reasonable means.[51] Not only must access by third parties be strictly controlled, access by employees of an organization should be limited to a need-to-know basis.[52] Granting access could be determined based on the role someone plays with respect to the organization. If this is the case, metadata accompanying personal data should clarify which roles have access to which data at which times.

It should be noted that the data subject is granted a right of access to all personal data processed about him by the data controller, as indicated above.[53] The report given in response to an access request must explain which employees or categories of employees have access to the data.[54]

Oftentimes, personal data of several people is tied together somehow. Granting one data subject access to his personal data must be done without unlawfully disclosing personal data about others.

[48] Art. 12 d) EU Data Protection Directive.

[49] Art. 12 b) EU Data Protection Directive.

[50] Art. 12 c) EU Data Protection Directive.

[51] Art. 17 EU Data Protection Directive.

[52] With regard to database design, see GOUNARIS and THEODOULIDIS, International Journal of Information Management 23 [2003], op. cit. (as in n. ??), p. 187.

[53] Art. 12 a) EU Data Protection Directive.

[54] GOUNARIS and THEODOULIDIS, International Journal of Information Management 23 [2003], op. cit. (as in n. ??), p. 190.

Implementing audit trail functionality in the records management application appears to be a minimal requirement in order to be in compliance with data protection regulation, not only to ensure the confidentiality of the data but also to enforce many of the other obligations incumbent upon the data controller. An audit trail aims to keep track of who accessed, amended, deleted or disseminated data, when and for what purpose.[55]
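As an added illustration (not code from the LongRec project or any product it describes), the following Python sketch combines the three mechanisms of this section: a per-record policy stating which roles may see which data elements, an audit trail of who accessed what, when and for what purpose, and a subject access report that returns only the requesting person's own elements from a record that also names someone else, together with the roles that may see them and the recorded accesses to them. The payment message, its two data subjects, the roles and all values are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


@dataclass
class DataItem:
    """One personal data element and the data subject it is about."""
    name: str
    value: str
    data_subject: str


@dataclass
class Record:
    record_id: str
    items: List[DataItem]
    role_policy: Dict[str, Set[str]]  # which roles may see which data elements


@dataclass
class AuditEntry:
    when: str           # ISO 8601 timestamp
    actor: str
    role: str
    action: str         # accessed / denied / amended / deleted / disseminated
    record_id: str
    items: Tuple[str, ...]
    purpose: str


class RecordsStore:
    def __init__(self) -> None:
        self.records: Dict[str, Record] = {}
        self.audit: List[AuditEntry] = []

    def add(self, record: Record) -> None:
        self.records[record.record_id] = record

    def can_access(self, role: str, record_id: str, item_names: Iterable[str]) -> bool:
        """Need-to-know check: every requested element must be in the role's policy."""
        allowed = self.records[record_id].role_policy.get(role, set())
        return set(item_names) <= allowed

    def access(self, actor: str, role: str, record_id: str, item_names: Iterable[str],
               purpose: str, when: str) -> Dict[str, str]:
        """Return the requested elements, or refuse; both outcomes go to the audit trail."""
        names = tuple(sorted(item_names))
        if not self.can_access(role, record_id, names):
            self._log(when, actor, role, "denied", record_id, names, purpose)
            raise PermissionError(f"role {role!r} may not access {names}")
        self._log(when, actor, role, "accessed", record_id, names, purpose)
        return {i.name: i.value for i in self.records[record_id].items if i.name in names}

    def subject_access_report(self, data_subject: str, when: str) -> Dict[str, dict]:
        """Right-of-access report: only the subject's own elements (never another
        person's data carried in the same record), the roles that may see them,
        and the accesses to them recorded in the audit trail."""
        report: Dict[str, dict] = {}
        for rec in self.records.values():
            own = {i.name: i.value for i in rec.items if i.data_subject == data_subject}
            if not own:
                continue
            own_names = set(own)
            roles = sorted(r for r, names in rec.role_policy.items() if names & own_names)
            accesses = [(e.role, e.purpose, e.when) for e in self.audit
                        if e.record_id == rec.record_id and e.action == "accessed"
                        and set(e.items) & own_names]
            report[rec.record_id] = {"data": own, "roles_with_access": roles, "accesses": accesses}
            # Producing the report is itself an access and is logged as such.
            self._log(when, data_subject, "data_subject", "accessed", rec.record_id,
                      tuple(sorted(own_names)), "right of access")
        return report

    def _log(self, when, actor, role, action, record_id, items, purpose) -> None:
        self.audit.append(AuditEntry(when, actor, role, action, record_id, tuple(items), purpose))


def build_sample_store() -> RecordsStore:
    """Constructed example: one payment message naming two data subjects.
    Names, account strings and roles are illustrative placeholders."""
    store = RecordsStore()
    store.add(Record("MSG-0001", items=[
        DataItem("ordering_customer_name", "Alice Example", "alice"),
        DataItem("ordering_customer_account", "BE00 0000 0000 0001", "alice"),
        DataItem("beneficiary_name", "Bob Example", "bob"),
        DataItem("beneficiary_account", "NO00 0000 0000 0002", "bob"),
    ], role_policy={
        "payments_operator": {"ordering_customer_name", "ordering_customer_account",
                              "beneficiary_name", "beneficiary_account"},
        "customer_support": {"ordering_customer_name", "ordering_customer_account"},
    }))
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print(s.access("u-17", "customer_support", "MSG-0001", ["ordering_customer_name"],
                   "answer customer query", "2008-09-01T10:00:00"))
    print(s.can_access("customer_support", "MSG-0001", ["beneficiary_account"]))
    print(s.subject_access_report("bob", "2008-09-02T09:00:00"))
```

Bob's report lists his two elements and the one role that may see them, and omits Alice's data and the support agent's access to it, which appear only in Alice's report.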

4.1.11 How am I processing my data?

At issue here are the relevant circumstances of data processing. Am I processing data in compliance with all relevant legal obligations?

What metadata do I need (or want to invest in having) to quickly reflect that processing is compliant?

The EU Data Protection Directive imposes a number of obligations to ensure transparency of data processing towards the data subject concerned, notably by obliging the data controller to provide information about the processing of his data. At a minimum, this covers the identity of the data controller and, where applicable, his representative, the intended purposes of processing, the (categories of) recipients of the data, as well as any additional information required to ensure fair processing considering the specific circumstances. Also, the data subject must be informed that he has a right of access to and rectification of his personal data. In case the data subject already has all this information at his disposal, the obligation to inform is waived. A distinction is made between cases where data is collected directly from the data subject and cases where it is obtained from other sources. In the latter case the data controller may sometimes delay informing the data subject until such time as he discloses the data to a third party. Also, the data controller must disclose the categories of data he has obtained about the data subject from his source. Finally, when the data controller collects personal data from a source other than the data subject himself, the obligation to inform is waived when the provision of such information proves impossible, would involve a disproportionate effort or if recording or disclosure is expressly laid down by law.56 Without going into the nuances of exactly when to inform the data subject and what to inform him about according to the data protection rules of the different Member States, it is clear that metadata capturing what initiatives the organization has in fact taken to inform data subjects is of great value. An open question is whether I want or need metadata that points to the actual information given to a data subject, or only metadata that points to the policy for providing such information. Probably, in some business processes the first solution will be worth the effort (e.g. processing employee records), while in others it will not (e.g. collecting customer feedback via a web form).

55 With regard to database design, see GOUNARIS and THEODOULIDIS, International Journal of Information Management 23 [2003], op. cit. (as in n. ??), p. 191. See also RUNDLE, MARY, “International Personal Data Protections and Digital Identity Management Tools”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/21-rundle-data-protection-and-idm-tools, p. 3.

56 Art. 10 - 11 EU Data Protection Directive.

Another provision intended to foster transparency of personal data processing is the obligation to notify the competent data protection authority before starting the processing of data.57 The notifications are to be kept in a public register.58 The Directive affords the Member States plenty of freedom to determine when notification is or is not required; as a result, considerable differences between the Member States may exist.

Use of automated decision-making processes based on personal data is restricted by the EU Data Protection Directive.59 When such automated decision processes are employed, the data subject may request an explanation of the logic behind them.60

4.1.12 Do I know where data comes from and where it goes?

In case a data subject requests access to their personal data, the data controller should be able to give information as to the source of the data (if available) as well as report who the recipients or categories of recipients are to whom the data are disclosed.61

Any third parties to whom personal data has been disclosed must be notified of rectification, erasure or blocking of such data unless this proves impossible or involves a disproportionate effort.62

4.1.13 Is my data crossing borders?

This question is distinct from the issue of jurisdiction, though of course both issues are related. The EU Data Protection Directive, and as a consequence all implementing legislation, restricts the transfer of personal data to countries that do not fall within the reach of the Directive. In principle, transfer to such a country is only permissible if it provides an adequate level of protection to personal data.63 This is to prevent easy circumvention of the obligations by ‘off-shoring’ data processing operations.

57 Art. 18 EU Data Protection Directive.

58 Art. 21 EU Data Protection Directive.

59 Art. 15 (1) EU Data Protection Directive.

60 Art. 12 EU Data Protection Directive.

61 Art. 12 EU Data Protection Directive.

62 Art. 12 c) EU Data Protection Directive.

By way of exception and under the conditions laid down by the Member States, personal data may be transferred to third countries which do not provide a sufficient level of protection if:

“(a) the data subject has given his consent unambiguously to the proposed transfer; or

(b) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of precontractual measures taken in response to the data subject’s request; or

(c) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and a third party; or

(d) the transfer is necessary or legally required on important public interest grounds, or for the establishment, exercise or defence of legal claims; or

(e) the transfer is necessary in order to protect the vital interests of the data subject; or

(f) the transfer is made from a register which according to laws or regulations is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate legitimate interest, to the extent that the conditions laid down in law for consultation are fulfilled in the particular case.”64

Another option is for the data controller to construct an adequate level of protection for data being transferred,65 for instance through contractual provisions or binding corporate rules.66 In this case, transfers must be authorized by the data protection authority and notified to the European Commission. The European Commission has issued three decisions on standard contractual clauses that construct adequate safeguards, two of which regulate transfers from a data controller to a data controller while the third regulates transfers from a data controller to a processor.67

By mirroring its data centre in the U.S., SWIFT effectively exported all of its personal data to a country lacking an adequate level of protection. No steps were taken by SWIFT to construct an adequate level of protection through contractual provisions or binding corporate rules, nor do any of the exceptions apply.68

63 Art. 25 EU Data Protection Directive.

64 Art. 26 §1 EU Data Protection Directive.

65 Art. 26 §2 EU Data Protection Directive.

66 See Article 29 Working Party Opinion 10/2006, p. 22.

67 See Article 29 Working Party Opinion 10/2006, p. 22.

68 See Article 29 Working Party Opinion 10/2006, p. 21 ff.


4.1.14 Translation of privacy rules into information systems design

The first step in building a privacy compliant information system is a privacy threat analysis. The threats identified have to be countered and neutralized in the design of the information system.69 Privacy law rules must be incorporated into the system design; one way to achieve this is by representing the data protection rights and duties in the system.70 Borking proposes breaking down legal texts into the smallest constituent parts (subject-verb-object) – whilst maintaining a link with their legal source – and formalizing these into a privacy ontology.71 This approach was used in the PISA project.72 The prototype developed in the PISA project appears to focus on a situation where lawfulness of processing depends entirely upon the consent of the data subject.73 Further development would then be required to incorporate other situations in the system.

One aspect of designing privacy compliant systems is implementing privacy aware access control policies, their management and enforcement.74 Two platform-independent privacy policy languages for access control are XACML and EPAL.75

XACML (Extensible Access Control Markup Language) is an OASIS XML standard comprising a policy language describing general access control requirements and a corresponding request/response language, which allows one to query whether a particular action is permitted.76 An extension to XACML exists with which to express the purpose for which the data was collected and the purpose for which access is requested.77

69 BORKING, Privacy Rules, A Steeple Chase For Systems Architects, op. cit. (as in n. ??), p. 4, citing BORKING, J.J. et al., Methodology of Privacy Threat Analysis, The Hague, EU PISA project IST-2000-26038, 2001, Deliverable 7 of WP 2.

70 BORKING, Privacy Rules, A Steeple Chase For Systems Architects, op. cit. (as in n. ??), p. 11.

71 BORKING, Privacy Rules, A Steeple Chase For Systems Architects, op. cit. (as in n. ??), p. 11.

72 BORKING, Privacy Rules, A Steeple Chase For Systems Architects, op. cit. (as in n. ??), p. 11, citing KENNY, S. and BORKING, J., “The Value of Privacy Engineering”, The Journal of Information, Law and Technology, 2002, Nr. 1, http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2002_1/kenny/.

73 See BORKING, Privacy Rules, A Steeple Chase For Systems Architects, op. cit. (as in n. ??), p. 13 ff.

74 CASASSA MONT, MARCO; X. (ed.), On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, p. 2.

75 For a comparison of these languages, see ANDERSON, ANNE, A Comparison of Two Privacy Policy Languages: EPAL and XACML, Sun Microsystems Laboratories, 2005, http://research.sun.com/techrep/2005/smli_tr-2005-147/TRCompareEPALandXACML.html.

76 MADSEN, PAUL, CASASSA MONT, MARCO and WILTON, ROBIN, “A Privacy Policy Framework - A Position paper for the W3C Workshop of Privacy Policy Negotiation”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, p. 2 ff. See also http://xml.coverpages.org/xacml.html.
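As an added example (not code from the report or from any XACML implementation), the following Python puts two of the points above into working form: a policy decision point whose rule binds access to the purpose of collection, using the attribute identifiers urn:oasis:names:tc:xacml:2.0:resource:purpose and urn:oasis:names:tc:xacml:2.0:action:purpose defined by the XACML 2.0 privacy profile cited in note 77, and the audit trail (who, what, when, for what purpose) that the data protection discussion earlier in this section calls for. The subject and resource attribute names, the roles and the requests are assumptions.

```python
"""Purpose-bound access decisions in the manner of the XACML 2.0 privacy
profile, with the audit trail the report asks for (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
import re

# Attribute identifiers defined by the XACML 2.0 privacy profile (note 77): the
# purpose the data was collected for and the purpose access is requested for.
# The subject and resource identifiers below are assumed, not standard ones.
RESOURCE_PURPOSE = "urn:oasis:names:tc:xacml:2.0:resource:purpose"
ACTION_PURPOSE = "urn:oasis:names:tc:xacml:2.0:action:purpose"
SUBJECT_ID = "urn:example:subject:id"
SUBJECT_ROLE = "urn:example:subject:role"
RESOURCE_ID = "urn:example:resource:id"

@dataclass(frozen=True)
class Rule:
    rule_id: str
    effect: str                        # "Permit" or "Deny"
    roles: frozenset = frozenset()     # empty: the rule applies to any role
    purpose_must_match: bool = False   # bind access to the collection purpose

@dataclass(frozen=True)
class Policy:
    policy_id: str
    rules: tuple                       # combined with deny-overrides

def rule_applies(rule, request):
    """Target and condition of one rule, checked against a request's attributes."""
    if rule.roles and request.get(SUBJECT_ROLE) not in rule.roles:
        return False
    if rule.purpose_must_match:
        # The privacy profile matches the requested purpose against the
        # collection purpose taken as a pattern; a full match is required here,
        # so "payroll" cannot satisfy a collection purpose of "payroll-audit".
        collected = request.get(RESOURCE_PURPOSE, "")
        requested = request.get(ACTION_PURPOSE, "")
        if not collected or re.fullmatch(collected, requested) is None:
            return False
    return True

def decide(policy, request):
    """Deny-overrides: any applicable Deny wins, then Permit, else NotApplicable."""
    effects = {r.effect for r in policy.rules if rule_applies(r, request)}
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"

@dataclass
class AuditTrail:
    """Who touched which personal data, when, for what purpose, with what outcome."""
    entries: list = field(default_factory=list)

    def record(self, request, decision, when):
        self.entries.append({
            "when": when.isoformat(),
            "who": request.get(SUBJECT_ID),
            "role": request.get(SUBJECT_ROLE),
            "data": request.get(RESOURCE_ID),
            "purpose": request.get(ACTION_PURPOSE),
            "decision": decision,
        })

    def access_report(self, resource_id):
        """Material for one data subject's access request: who accessed (or was
        refused) the data about them; entries about other subjects are left out."""
        return [e for e in self.entries if e["data"] == resource_id]

def enforce(policy, trail, request, when=None):
    """Enforcement point: only an explicit Permit grants access, and every
    decision, refusals included, is written to the trail."""
    decision = decide(policy, request)
    trail.record(request, decision, when or datetime.now(timezone.utc))
    return decision == "Permit"

# Constructed sample policy: HR clerks may use employee records for the purpose
# they were collected for; marketing staff are always refused.
EMPLOYEE_RECORDS_POLICY = Policy("employee-records", (
    Rule("hr-same-purpose", "Permit", frozenset({"hr-clerk"}), True),
    Rule("no-marketing-use", "Deny", frozenset({"marketing"})),
))

def sample_request(subject, role, purpose):
    """Constructed request for the record of one fictitious employee."""
    return {SUBJECT_ID: subject, SUBJECT_ROLE: role, RESOURCE_ID: "employee/1042",
            RESOURCE_PURPOSE: "employment-administration", ACTION_PURPOSE: purpose}

if __name__ == "__main__":
    trail = AuditTrail()
    for who, role, purpose in [("anna", "hr-clerk", "employment-administration"),
                               ("anna", "hr-clerk", "marketing"),
                               ("bob", "marketing", "marketing")]:
        print(who, purpose, enforce(EMPLOYEE_RECORDS_POLICY, trail,
                                    sample_request(who, role, purpose)))
    for entry in trail.access_report("employee/1042"):
        print(entry)
```

Calling `access_report` with a data subject's record identifier yields the who/when/purpose/outcome listing that the report says an access request response must be able to draw on.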

EPAL (The Enterprise Privacy Authorization Language) is an interoperability language for exchanging privacy policies in a structured format between applications or enterprises.78

Before such formal privacy policy languages can be used, formal models must be derived from natural language texts of regulations. In essence, the portions of the full legal text relevant to access control are selected and translated into formal expressions.79

“The Open Digital Rights Language (ODRL) is a “vocabulary for the expression of terms and conditions over digital content including permissions, constraints, obligations, conditions, offers and agreements with rights holders.” The ODRL specification supports an extensible language and vocabulary (data dictionary) for the expression of terms and conditions over any content including permissions, constraints, requirements, conditions, and offers and agreements with rights holders.”80

Besides the issue of access control, systems should support compliance with other data protection obligations. ‘Privacy obligations’ are policies dictating constraints, duties and expectations to data recipients, expressing how personal data should be handled. This includes, amongst others, data retention management, deletion of data, notifications and data transformations.81 Privacy obligations stem primarily from data protection rules, but may also stem from the privacy preferences expressed by the data subject when giving consent.

77 MADSEN, CASASSA MONT and WILTON, A Privacy Policy Framework - A Position paper for the W3C Workshop of Privacy Policy Negotiation, op. cit. (as in n. ??), p. 3. “Privacy policy profile of XACML v2.0”, available at http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-privacy_profile-spec-os.pdf.

78 MADSEN, CASASSA MONT and WILTON, A Privacy Policy Framework - A Position paper for the W3C Workshop of Privacy Policy Negotiation, op. cit. (as in n. ??), p. 3 ff.

79 GUNTER, CARL A., “Ensuring Privacy Conformance in Inter-Domain Systems”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, p. 1 ff. and MAY, MICHAEL J., GUNTER, CARL A. and INSUP, LEE, “Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies”, In X. (ed.), Computer Security Foundations Workshop, Venice, Italy, 2006, http://seclab.uiuc.edu/pubs/MayGL06.pdf.

80 MADSEN, CASASSA MONT and WILTON, A Privacy Policy Framework - A Position paper for the W3C Workshop of Privacy Policy Negotiation, op. cit. (as in n. ??), p. 4.

81 CASASSA MONT, On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices, op. cit. (as in n. ??), p. 2, referring to CASASSA MONT, MARCO, “Dealing with Privacy Obligations: Important Aspects and Technical Approaches”, In KATSIKAS, SOKRATIS K., LOPEZ JAVIER PERNUL GÜNTHER (ed.), Trust and Privacy in Digital Business, Volume 3184, Lecture Notes in Computer Science, Springer, 2004, http://dx.doi.org/10.1007/b99832 and CASASSA MONT, MARCO, A System to Handle Privacy Obligations in Enterprises, HP, 2005, HP Technical Report, http://www.hpl.hp.com/techreports/2005/HPL-2005-180.html.


“A proper language is required to describe a broad variety of “events” (beyond access control, i.e., time-based events, context-based events, etc.) that might trigger obligations: this language must also allow for an explicit description of the “target” of an obligation (i.e., the personal data that is subject to the obligations) along with the actions to be carried on (e.g., deletion, notification, etc.), allowed exceptions and be extensible to future needs.”82

Casassa Mont draws up a list of requirements and proposes further steps for the development of such a privacy obligations language.83 The work done in the Prime project is referred to as a starting point.84

Building in compliance requires more than just determining what ought to be done in policies. The next logical step is to ensure enforcement of these policies. A major element in enforcement is auditability of information handling, which should result in accountability.85

Further reading

• BORKING, J.J., “The status of Privacy Enhancing Technologies”, In NARDELLI, E., POSADZIEJEWSKI, S. and TALAMO, M. (ed.), Certification and Security in E-Services, From E-Government to E-Business, Boston, Kluwer, 2003

• BLARKOM, G.W. VAN, BORKING, J.J. and OLK, J.G.E., Handbook of Privacy and Privacy-Enhancing Technologies, The case of Intelligent Software Agents, The Hague, College bescherming persoonsgegevens, 2003, http://www.andrewpatrick.ca/pisa/handbook/Handbook_Privacy_and_PET_final.pdf

• CASASSA MONT, MARCO, “Dealing with Privacy Obligations: Important Aspects and Technical Approaches”, In KATSIKAS, SOKRATIS K., LOPEZ JAVIER PERNUL GÜNTHER (ed.), Trust and Privacy in Digital Business, Volume 3184, Lecture Notes in Computer Science, Springer, 2004, http://dx.doi.org/10.1007/b99832, op. cit. (as in n. ??)

• CASASSA MONT, MARCO, A System to Handle Privacy Obligations in Enterprises, HP, 2005, HP Technical Report, http://www.hpl.hp.com/techreports/2005/HPL-2005-180.html, op. cit. (as in n. ??)

82 CASASSA MONT, On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices, op. cit. (as in n. ??), p. 2.

83 CASASSA MONT, On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices, op. cit. (as in n. ??), p. 3 ff.

84 PRIME Project: Privacy and Identity Management for Europe, European RTD Integrated Project under the FP6/IST Programme, http://www.prime-project.eu/, 2006.

85 RUNDLE, International Personal Data Protections and Digital Identity Management Tools, op. cit. (as in n. ??), p. 3; WEITZNER et al., Transparency and End-to-End Accountability: Requirements for Web Privacy Policy Languages (as in n. ??).


4.2 Copyright

Copyright is all but inescapable for any organisation, though some sectors are more affected than others. For content producing and distributing companies copyright lies at the heart of their business. With the shift from paper to electronic records, copyright law has greatly increased its influence on the activities of organisations outside the media sector. For instance, DNV receives ship plans in the course of its business, which are copyrighted. Paper records can be read and archived without copying them, whilst mere display of an electronic record requires copying, albeit temporarily, thus triggering copyright law.

The application of copyright law poses a number of legal questions in relation to preservation and (re)use of these documents. For the sake of clarity, these questions are addressed in relation to the main archiving processes: ingest, preservation and dissemination. Use of information is not an archival process but it is an integral part of the life-cycle of documents, therefore it will be addressed briefly.

4.2.1 Ingest

Copyright law – as the word suggests – governs the making of copies. Ingest of electronic files entails creation and preservation of at least one copy, thus triggering the application of copyright rules. The EU Copyright Directive (2001/29/EU) regulates any and all copies made of protected works: “direct or indirect, temporary or permanent reproduction by any means and in any form” (Art. 2). For example, permission from the copyrightholder(s) is required to store the plans of a ship in DNV’s archive.

It should be noted that the copyright laws of all countries contain exceptions which allow copying without obtaining the copyrightholder’s permission. Generally, these exceptions only apply outside any economic activity.86

In the interest of compliance, copyright-relevant information should be recorded at the time of ingest into the corporate archive.

• Who created the document?

• Why am I receiving it into my corporate archive?

• When did I receive it?

• Where did I receive it?

• Who is transferring the document to me and why?

• Who claims ownership of the document?

• Do I claim applicability of a copyright exception? Which one, which jurisdiction? What is the scope of the exception: store, access by specific persons, access internally in the company, distribute externally, reuse without external distribution, reuse with external distribution, ...

• Do I have permission from the copyrightholders to use the document? What is the scope of the permission? Territorial scope, duration, types of activities permitted: store, access by specific persons, access internally in the company, distribute externally, reuse without external distribution, reuse with external distribution, ...

• Can I claim blanket permission from a collective rights collecting society?

86 Exceptions benefitting the press allow for use of copyrighted material without obtaining permission, regardless of the fact that this may be in the course of a for-profit activity. See for instance Art. 5 §3 c EU Copyright Directive.

If copyright-protected documents are created within the company, the question arises who is the copyrightholder. A number of factors determine the answer to this question and these may differ in various jurisdictions. To illustrate, in some countries the copyright on works created by employees as part of their designated tasks automatically falls to the employer (e.g. in The Netherlands). In other countries, the copyright rests with the employee who actually created the work and transfer of copyright must be explicitly agreed upon (e.g. in Belgium). The corporate policy dealing with copyright should determine which factors need to be recorded for each relevant jurisdiction.

For copyright-protected documents transferred to the company, the main concern is usually knowing what use is permitted. In a business context, very few legal exceptions apply that allow certain kinds of use without obtaining permission. The general rule is that permission from the copyrightholder is required. The problem is that it is not always easy to find out who the copyrightholder is. Initially, the copyrightholder is the author of the work. Very frequently, the creator transfers his rights in whole or in part to someone else or even to several persons at the same time. In turn these copyrightholders may transfer their rights to others. Since the identity of the rightholder is not static, it makes little sense to record it in the metadata of a document without adding specific context information. The basis for the rightholder’s claim to copyright ownership should be added, e.g. copyright law (creator), licence agreement or terms of employment. If available, information about the scope of the copyrightholder’s claim should be recorded, e.g. non-exclusive worldwide licence. Finally, it may be useful to add status information about the copyrightholder’s claim, especially if the claim is the object of a legal dispute. The time at which these elements were recorded should be included, as copyright ownership may change hands afterwards without being known to the organisation holding the work in its possession.

Tying documents to the copyright licences that govern their use should allow for a compliance analysis to be made whenever necessary. The corporate policy should determine if an analysis must be made immediately upon receipt and if so which types of use must be addressed. The two main categories of use are reproduction and communication to the public.

It is very common for documents to contain contributions from various people, either because documents are the result of a joint effort (i.e. co-authors of a study, a team of engineers designing a ship, ...), or because existing material is repurposed for use in new works (i.e. modification of software, incorporating existing designs into the blueprints for a new ship, ...). Keeping track of who contributed what and under which (legal) conditions is an enormous challenge.

4.2.2 Preservation

Long-term preservation will generally require that a great number of documents are converted into new formats. Given the broad meaning most copyright laws give to the notion of reproduction, such conversion operations would in principle require permission from the copyrightholders (unless an exception applies). The question then is whether or not separate permission must be obtained for the conversion to be legitimate.

Additional complications arise when technical protection measures must be removed or circumvented to ensure long-term preservation and/or availability, or in case rights management information related to copyright is removed or manipulated in the process. Following the WIPO treaty on these matters, most countries have more or less outlawed circumvention of technical protection measures and removal of rights management information. It should be noted that such actions are now criminal offences in many jurisdictions.

4.2.3 Dissemination

The ultimate goal of preservation is to make documents available to authorized parties when required. Making copyrighted materials available electronically raises questions as to whether this is an activity covered by copyright. The EU directive states that ‘making available to the public of their works in such a way that members of the public may access them from a place and at a time individually chosen by them’ is covered by copyright, just as traditional forms of communication to the public are. As a matter of principle, it doesn’t matter how many people have access: one person, a few people, or the whole world. It is a matter of interpretation whether employees of a company are ‘members of the public’.87 Thus, it should be checked whether the permission to copy a document into the corporate archive also covers making it available electronically internally and/or externally.

This problem doesn’t arise as such with copyrighted materials in tangible form, i.e. paper books. Reading a book is not an act subject to the control of the copyrightholder. As a note, distribution of tangible copies – for sale, for rent or for loan – is generally governed by copyright.

87 For instance in Belgium only use within the family is explicitly considered use ‘not in public’.

4.2.4 (Re)Use

Mere ‘consumption’ (reading, viewing, hearing) of copyrighted materials was traditionally not regulated by copyright. Copyright was meant to ensure the author an exclusive right of exploitation of his work, not to control every form of use by the public of the work. As indicated above, the shift from paper to electronic documents thoroughly changed how copyright works. Displaying a digital object on screen necessitates at least one copy being made in the computer’s working memory. No matter how fleeting, this copy is enough for copyright restrictions to apply. In theory, this would make viewing a website illegal unless the copyright holder granted a licence. Fortunately, broad exemptions were enacted to still allow for mere consumption. As always with exemptions, determining their limits may not be straightforward and differences between countries may exist.

Another matter entirely is reuse of copyrighted works to create other works; examples are translation, citation, compilation, ... It is impossible to list all the situations in which existing works are transformed in the process of creating new ones. It is equally impossible to give a general answer as to when such reuse is permissible. The goal of copyright metadata is not to anticipate future uses and determine if they are permitted. Once reuse is being considered, copyright metadata should provide the information necessary to determine efficiently under which conditions that reuse is permitted.

To give a simple example, if copyright metadata indicates that a work was created by an employee and that in the relevant jurisdiction copyright is automatically assigned to the employer, the question of reuse is quickly resolved. The same is true if the metadata indicates that copyright was signed over to the organisation. Without sufficient metadata an investigation has to be launched into who owns the copyright.

When copyrighted works are reused in the creation of other works, recording the relationship between the source and the resulting document is of great value. Depending on the circumstances, the conditions for use of the source influence the conditions for creation, preservation, dissemination and use of the resulting work.


4.2.5 Requirements

What follows is a list of requirements for a copyright compliance metadata schema. Each requirement is summarized in a short label, which will be used in the sections below discussing a number of existing copyright-related metadata schemas.

Be able to unambiguously identify documents. (Label: What?)

Be able to register what jurisdiction documents ‘live’ in. Where was the document created or where did I receive it? Determining relevant jurisdictions is very difficult in multinationals. Documents may be created/received in one country, be stored in another country and sent to any number of additional countries. Perhaps not absolutely ALL documents need to have metadata added about which jurisdictions they have been in, but the metadata model ought to offer the possibility. (Label: Jurisdiction(s)?)

Be able to tag all documents that the company considers copyright protected. Already this is a question of interpretation and depends on the jurisdiction in which the question is posed. Designs for a ship or an oil platform are obvious examples of copyright-protected materials. Reports and studies are in all likelihood copyright-protected as well. Much less clear is whether and under which circumstances ordinary business letters or e-mails would be copyright-protected. (Label: Copyrighted in jurisdiction?)

Where collections of documents are tagged as being copyrighted and as living in one or more jurisdictions, it should be possible to point to the relevant copyright regulation per jurisdiction. For instance, the collection of documents tagged with EU country jurisdictions could point to the relevant EU directives on copyright.

This is only a first step in copyright compliance. Being able to point to copyright regulation – intermediated through corporate policies – only provides background information.

For individual documents, the relevant circumstances of their creation within the company or transfer to the company should be recorded, allowing a compliance analysis to take place whenever required.

Be able to record the origin of the document. For works created within the organisation, metadata should record who was involved in creation. Who created a copyrighted work is essential in determining the term of copyright protection since this depends on the date of death of the author(s). (Label: Origin: creator?)

For documents created outside the organisation, investigating who was involved in its creation is often not cost-effective, except in the case of works made to order. Recording the source of the document and the reason for its transfer should be feasible in most cases and will provide a lead if later on it becomes necessary to fully investigate copyright ownership and use conditions. (Label: Origin: source?)

Be able to record information about claims of copyright ownership laid to works.

Who is the claimant? [Copyright Claim: who?] Does the initial creator still own the copyright or has it been transferred?

What is the basis for the claim? [Copyright Claim: basis?] The law, agreements or verdicts may be the basis for the claim to copyright ownership.

What is the scope of the claim? [Copyright Claim: scope?] Claims can be limited in space and/or time, notably because the claimant only obtained a licence with a limited scope.

What is the status of the claim? [Copyright Claim: status?] Is the claim under dispute?

Be able to record events pertaining to documents. [Events?] When a document was created, received, disseminated or reused is important for the application of copyright regulation and copyright agreements.

Be able to link documents to copyright agreements about them. [Licence?] Copyright agreements may be found in individual licence agreements, in contractual clauses with employees or in blanket licences negotiated with collecting societies.

Being able to find agreements quickly makes it possible to determine more efficiently what my usage rights are: Do I have permission from the copyright holders to use the document? What is the scope of the permission? Territorial scope, duration, types of activities permitted: store, access by specific persons, access internally in the company, distribute externally, reuse without external distribution, reuse with external distribution, . . .

Be able to link to particular copyright exemptions. [Exemption in jurisdiction?] In some cases, copyright law itself grants permission to use copyrighted works under certain conditions. Being able to determine which exemption is invoked in which jurisdiction(s) makes it possible to determine more efficiently what my usage rights are: What is the scope of the exception: store, access by specific persons, access internally in the company, distribute externally, reuse without external distribution, reuse with external distribution, . . .

Be able to link work processes to handling of copyrighted works. [Why?] Both copyright agreements and copyright exemptions often tie usage rights to particular work processes. For instance, under the EU Copyright Directive, certain archives may disseminate works, but only for the purpose of research or private study by the recipient.88

88 Art. 5 §3 n EU Copyright Directive.

Be able to record the relationship between documents. [Relationship?] Where (portions of) works are reused to create new works, ideally this relationship would be recorded in metadata. If at any time questions arise whether the resulting work as such, or a particular use made of it, infringes copyright, such metadata provides valuable leads.
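The compliance analysis the requirements above call for, as an added example in Python that is not part of the report: a record carries its jurisdictions, origin, copyright claims, agreements with territorial, temporal and activity scope, exemptions tied to a work process, and events, and one function decides whether an intended use is covered and why. The record, the identifiers and the party names are constructed; the statutory reference is the one the text cites.

```python
"""Compliance analysis over the record metadata described above (added example,
not from the report). Given a record tagged with jurisdictions, origin, claims,
agreements and exemptions, it decides whether one intended use is covered.
All identifiers and the sample record are constructed."""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# The activity types the text lists under "scope of the permission".
ACTIVITIES = frozenset({"store", "access_specific_persons", "access_internal",
                        "distribute_external", "reuse_internal", "reuse_external"})

@dataclass(frozen=True)
class Scope:                            # territorial, temporal and activity scope
    jurisdictions: frozenset            # empty: not territorially limited
    activities: frozenset
    valid_from: Optional[date] = None
    valid_until: Optional[date] = None

    def covers(self, activity: str, jurisdiction: str, when: date) -> bool:
        if activity not in self.activities:
            return False
        if self.jurisdictions and jurisdiction not in self.jurisdictions:
            return False
        if self.valid_from is not None and when < self.valid_from:
            return False
        return self.valid_until is None or when <= self.valid_until

@dataclass(frozen=True)
class Agreement:                        # a licence, contract clause or blanket licence
    agreement_id: str
    claimant: str                       # claim: who grants the permission
    basis: str                          # claim: basis (law, agreement, verdict)
    scope: Scope                        # claim: scope
    under_dispute: bool = False         # claim: status

@dataclass(frozen=True)
class Exemption:                        # a statutory exemption relied on for a use
    reference: str
    scope: Scope
    work_process: Optional[str] = None  # exemptions are often tied to a process

@dataclass
class Record:
    record_id: str
    jurisdictions: frozenset            # where the record was created, stored, sent
    copyright_protected: bool
    origin: str                         # creator, or source and reason for transfer
    agreements: list = field(default_factory=list)
    exemptions: list = field(default_factory=list)
    events: list = field(default_factory=list)   # (date, kind, jurisdiction)

def analyse(record: Record, activity: str, jurisdiction: str, when,
            work_process: Optional[str] = None) -> tuple:
    """Return (permitted, basis, notes) for one intended use; `when` is a date or ISO string."""
    when = date.fromisoformat(when) if isinstance(when, str) else when
    if activity not in ACTIVITIES:
        raise ValueError(f"unknown activity {activity!r}")
    notes = []
    if not record.copyright_protected:
        return True, "record is not tagged as copyright-protected", notes
    if jurisdiction not in record.jurisdictions:
        notes.append(f"{jurisdiction} not among recorded jurisdictions; metadata may be incomplete")
    # Agreements first: an explicit permission from a claimant.
    for ag in record.agreements:
        if not ag.scope.covers(activity, jurisdiction, when):
            continue
        if ag.under_dispute:
            notes.append(f"{ag.agreement_id} covers this use but its claim is under dispute")
            continue
        return True, f"agreement {ag.agreement_id} ({ag.claimant}, {ag.basis})", notes
    # Then exemptions, which may only apply to a particular work process.
    for ex in record.exemptions:
        if not ex.scope.covers(activity, jurisdiction, when):
            continue
        if ex.work_process is not None and ex.work_process != work_process:
            notes.append(f"{ex.reference} applies only to work process {ex.work_process!r}")
            continue
        return True, f"exemption {ex.reference}", notes
    return False, "no recorded agreement or exemption covers this use", notes

def sample_record() -> Record:
    """Constructed record: a design report received from a subcontractor."""
    return Record(
        record_id="REC-2008-0042",
        jurisdictions=frozenset({"NO", "BE"}),
        copyright_protected=True,
        origin="received 2008-03-01 from Subcontractor Ltd (constructed); work made to order",
        agreements=[
            Agreement("LIC-001", "Subcontractor Ltd (constructed)", "licence agreement",
                      Scope(frozenset({"NO"}), frozenset({"store", "access_internal"}),
                            valid_until=date(2012, 12, 31))),
            Agreement("LIC-002", "Subcontractor Ltd (constructed)", "contract clause",
                      Scope(frozenset(), frozenset({"reuse_internal"})), under_dispute=True)],
        exemptions=[
            # how a policy might record the research/private study exemption cited above
            Exemption("Art. 5 §3 n EU Copyright Directive",
                      Scope(frozenset({"BE"}), frozenset({"access_specific_persons"})),
                      work_process="research")],
        events=[(date(2008, 3, 1), "received", "NO"), (date(2008, 3, 2), "stored", "BE")])
```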

4.2.6 Existing metadata models for copyright

Many metadata models exist that deal in more or less detail with copyright issues. The focus is usually on particular transactions for the use of copyrighted content, thus describing only the particular actions that are permitted. It comes as no surprise that copyright metadata has received attention from sectors such as the recording industry, publishers and the television and movie industries, as copyright underpins their current business model.

IFLA: Functional Requirements for Bibliographic Records. The IFLA (International Federation of Library Associations and Institutions) published its ‘Functional Requirements for Bibliographic Records’ (FRBR) in 1997, describing an entity-relationship model of bibliographic records.89 The aim was to help libraries design better cataloguing systems and enable more efficient exchange of metadata. FRBR itself is not designed to manage copyright information, but can serve as a fundamental building block.

In FRBR a distinction is made between the following entities:

WORK -> EXPRESSION -> MANIFESTATION -> ITEM

A work is a “distinct intellectual or artistic creation. There is no single material object one can point to as the work.”90 A work once existed as an idea in the mind of its creator(s) and in the model serves to group together everything that has sprung from that idea.

An expression is the “intellectual or artistic realization of a work in the form of alpha-numeric, musical, or choreographic notation, sound, image, object, movement, etc., or any combination of such forms.”91

A manifestation represents the “physical embodiment of an expression of a work. The entity defined as manifestation encompasses a wide range of materials, including manuscripts, books, periodicals, maps, posters, sound recordings, films, video recordings, CD-ROMs, multimedia kits, etc. As an entity, manifestation represents all the physical objects that bear the same characteristics, in respect to both intellectual content and physical form.”92

An item is a “single exemplar of a manifestation.”93

89 IFLA STUDY GROUP ON THE FUNCTIONAL REQUIREMENTS FOR BIBLIOGRAPHIC RECORDS, Functional Requirements for Bibliographic Records, München, K.G. Saur, 1998.
90 IFLA STUDY GROUP ON THE FUNCTIONAL REQUIREMENTS FOR BIBLIOGRAPHIC RECORDS, Functional Requirements for Bibliographic Records, op. cit., p. 16.
91 IFLA STUDY GROUP ON THE FUNCTIONAL REQUIREMENTS FOR BIBLIOGRAPHIC RECORDS, Functional Requirements for Bibliographic Records, op. cit., p. 18.

An example may make these entities clearer.

An item is something you have in your archive, e.g. a particular Lord of the Rings Trilogy Extended Version DVD set in good condition. This item is an exemplar of a large series of identical items, all the Lord of the Rings Trilogy Extended Version DVD sets, which together represent a manifestation. Apart from the LOTR Trilogy Extended Version DVDs, there is also the manifestation in the form of VHS video, and also the manifestation which is the (unique) production master. All these manifestations are representations of one expression, namely the Lord of the Rings Extended Version motion picture.

Related expressions are the LOTR cinema version and the LOTR soundtrack. All these expressions relate to one work, namely LOTR as it was conceived by Peter Jackson. This work is related to the work of Tolkien, also known under the name Lord of the Rings. Tolkien expressed his conception of LOTR as a written text (expression). The initial manifestation was the unique author’s manuscript. Since then, many manifestations have been published. Items of LOTR are available in most public libraries.

The FRBR model also defines the entities ‘person’ and ‘corporate body’. Both of these entities can be tied to works, expressions, manifestations and items. This expresses what a person or corporation has done in relation to a work, e.g. create or realize. The metadata defined in FRBR does not make it possible to record the scope of a person’s rights or claims in relation to a work, expression, manifestation or item.

Finally, FRBR models the subject of works in ‘concepts’, ‘objects’, ‘events’ and ‘places’. Of course, works may also take persons or corporate bodies, as well as other works, expressions, manifestations and even items, as their subject.

The model describes what exists, but not why it exists. The perspective of the content producer is not addressed and there are no entities and relationships to express the responsibilities and rights in the creation of the expression/manifestation/items.

The strength of this model lies in the differentiation it makes between the levels of existence of records, from the highly abstract ‘work’ to the very concrete ‘item’. These levels can be found implicitly in copyright law’s provisions. Using the FRBR model makes it possible to attach copyright metadata at the right level and avoid unnecessary duplication. It also allows for great precision in determining the relationship between different copyrighted records.

92 IFLA STUDY GROUP ON THE FUNCTIONAL REQUIREMENTS FOR BIBLIOGRAPHIC RECORDS, Functional Requirements for Bibliographic Records, op. cit., p. 20.
93 IFLA STUDY GROUP ON THE FUNCTIONAL REQUIREMENTS FOR BIBLIOGRAPHIC RECORDS, Functional Requirements for Bibliographic Records, op. cit., p. 20.

It should be noted, however, that the terms work and expression are used in FRBR in a specific sense, which does not correspond completely to the meaning attached to these terms in copyright law. In copyright law a ‘work’ is not the concept in the author’s head but an original idea which has been realized in a certain form. In other words, a ‘work’ is an expressed original idea. Copyright law gives the author the exclusive right to create identical copies of his work and to create adaptations of it. Using the terms of FRBR, copyright law attaches these rights to expressions, with consequences for the production of manifestations and items: the creator has the exclusive right to produce items of a manifestation (reproductions), as well as to produce variant manifestations (reproductions) and manifestations of adapted expressions of the initial manifestation (adaptations).

Besides its obvious uses as a foundation for copyright metadata schemas, de Oliveira Lima suggests FRBR could also serve as a model for describing legal norms and the relationships between them.94

94 DE OLIVEIRA LIMA, JOÃO ALBERTO, “An Adaptation of the FRBR Model to Legal Norms”, in BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (eds.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art4.pdf.

Further reading

• IFLA Cataloguing Section: FRBR Review Group, http://www.ifla.org/VII/s13/wgfrbr/

• TILLETT, BARBARA, What is FRBR? A conceptual model for the bibliographic universe, Washington D.C., U.S.A., Library of Congress, 2004, http://www.loc.gov/cds/downloads/FRBR.PDF

• BEARMAN, DAVID et al., “A common model to support interoperable metadata”, D-Lib Magazine, Vol. 5 1999, Nr. 1, http://www.dlib.org/dlib/january99/bearman/01bearman.html

• IANNELLA, RENATO, “Digital Rights Management (DRM) Architectures”, D-Lib Magazine, Vol. 7 2001, Nr. 6, http://www.dlib.org/dlib/june01/iannella/06iannella.html

• DE OLIVEIRA LIMA, JOÃO ALBERTO, “An Adaptation of the FRBR Model to Legal Norms”, in BIAGIOLI, CARLO, FRANCESCONI, ENRICO and SARTOR, GIOVANNI (eds.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art4.pdf

Indecs. The Indecs project aimed to develop “a genre-neutral framework among rights-holders for electronic IPR trading so that companies which at present are record companies, film companies, book and music publishers can trade their creations in a coherent single marketplace.” The project partners realised there was a gap to bridge between descriptive metadata (the expertise of cataloguing institutions) and rights metadata. In this light it is useful to see to what extent it could serve as an extension of FRBR.

The principle of unique identification of entities is a cornerstone of interoperable metadata according to Indecs.95 It should be possible to identify an entity whenever it needs to be distinguished (principle of functional granularity).96 The Indecs Metadata Dictionary contains references to a number of external identification systems.97

Indecs defines as its overarching concept ‘creations’, which are any product of human imagination and/or endeavour by one or more parties in which rights may exist. [What?]

Creations are broken down into a number of types:

INDECS term   | Definition                                                                  | FRBR term
Artefact      | A creation which is a thing                                                 | /
Abstraction   | A creation which is a concept                                               | Work
Expression    | An event which is a creation                                                | Expression
Manifestation | An artefact containing an infixion of an expression                         | Manifestation
Item          | A single instance of an artefact                                            | Item
Format        | An artefact on which an expression may be infixed to create a manifestation | /

“The main function of these distinctions is that each of these different types of creation may give rise to a different intellectual property right; for example, in an audio CD there are separate rights in the physical product (manifestation), the recorded performances (expressions) and the songs performed (abstractions), and these each require distinct metadata at some point in the commerce chain. These rights have different values in different jurisdictions, and will commonly be owned or controlled by different people and organisations. While music is used as an example, parallel situations exist for all other genres of creation. Without the clear structural distinctions of this kind, effective rights management is impossible.”98

95 RUST, GODFREY, BIDE, MARK (eds.), The indecs metadata framework, Principles, model and data dictionary, Indecs, 2000, http://www.doi.org/topics/indecs/indecs_framework_2000.pdf, p. 9.
96 RUST, The indecs metadata framework, op. cit., p. 10.
97 RUST, The indecs metadata framework, op. cit., p. 28.

Through creation-to-creation roles, the model makes it possible to express how existing creations were reused in new ones.99 [Relationship?] [Origin: creator?] The act of reuse is an event in which specific agents participate, having inputs – existing creation(s) – and outputs – new creations.100

INDECS goes a step further than describing what is. The model also captures certain actions in relation to creations:

• people make creations

• people use creations

• people do transactions about creations.

Besides actions, the model also captures the fact that people may have certain claims over specific entities:

• people make intellectual property

• people use intellectual property

• people own rights in intellectual property

Making and using creations are modelled as events, creatingEvent and usingEvent respectively.101 [Jurisdiction(s)?] The place where the creation was made or used can be noted in the context element.102 Transactions, contained in agreements, are also a particular kind of event (see further).

The Indecs model provides a very refined set of elements to determine precisely what role an agent has in the making, using or doing transactions about creations.103 [Origin: creator?] [Origin: source?]

The strength of the Indecs model is that it does not attempt to ‘summarize’ all the intellectual property regimes of the world into its own terms. Instead it designs a separate ‘namespace’ for these legal concepts. The namespace has two legal entities, ipTypes and ipRights. An ipType is any category of creations that is covered by an intellectual property right anywhere in the world.104

98 RUST, The indecs metadata framework, op. cit., p. 26.
99 RUST, The indecs metadata framework, op. cit., p. 29.
100 RUST, The indecs metadata framework, op. cit., p. 21 ff.
101 RUST, The indecs metadata framework, op. cit., p. 21 ff.
102 RUST, The indecs metadata framework, op. cit., p. 19.
103 RUST, The indecs metadata framework, op. cit., p. 19.
104 RUST, The indecs metadata framework, op. cit., p. 30.

ipType                          | Definition
Work                            | As defined by the Berne Convention for the Protection of Literary and Artistic Works, the WIPO Copyright Treaty and the TRIPS Agreement
Performance                     | As defined by the International Convention for the Protection of Performers, Producers of Phonograms and Broadcasting Organisations (Rome Convention), the WIPO Performances and Phonograms Treaty and the TRIPS Agreement
CriticalOrScientificPublication | As defined by Art. 5 of the European Directive harmonising the term of protection of copyright and certain related rights
GovernmentTextsBelgium          | As defined by Art. 8 §2 Belgian Copyright Act

An ipRight is the “authority granted by law or international convention to do or to authorise another person to do a defined act to intellectual property”.105 [Copyrighted in jurisdiction?]

In the model, iprStatement forms the tie between people and the creations over which they hold intellectual property.106 [Licence?] By way of IPR agreements, rights to intellectual property can be passed on to another person.107

Agreements are concluded by parties, who were invested with intellectual property rights either by the law or by other agreements.108 [Copyright Claim: who?] [Copyright Claim: basis?]

The terms of the agreement are modelled in the elements ‘permission’, ‘requirement’, ‘prohibition’ and ‘iprTransfer’.109 [Copyright Claim: scope?] These can be used to describe the scope of the agreement.

Because the aim of Indecs is to allow metadata from a variety of sources to interoperate, the reliability of the metadata is a concern. [Copyright Claim: status?] This is addressed by defining ‘assertions’, an assertion being an event in which a party makes a claim of veracity about something.110 Possibly the fact that a copyright claim is the subject of a legal dispute could be seen as a challenge to its veracity.

The main goal of the Indecs model is to support automation of transactions regarding intellectual property rights in creations. “Rights transactions depend on a ‘chain’ of grants of rights and of permissions: this chain is established initially by law or statute, in what may be viewed as the original binding agreement that confers rights to a person. Whether the laws are concerned with copyright, patent law or other forms of ip is unimportant for the operation of the framework.”

105 RUST, The indecs metadata framework, op. cit., p. 15.
106 RUST, The indecs metadata framework, op. cit., p. 32.
107 RUST, The indecs metadata framework, op. cit., p. 32 ff.
108 RUST, The indecs metadata framework, op. cit., p. 15 and 30 ff.
109 RUST, The indecs metadata framework, op. cit., p. 33.
110 RUST, The indecs metadata framework, op. cit., p. 35 ff.

The Indecs project is tailored to the needs of e-commerce in the creative industries. Of course the issue of who owns which rights in what creation is the same for a movie production company as it is in any other industry. Further research is required to figure out precisely how far the Indecs model can help towards copyright compliance and where extensions may be needed. Is the entity ipTypes robust yet flexible enough to deal with all the intellectual property laws a multinational encounters and the changes they see over time? Where do corporate policies fit into the model, if at all, prescribing for instance when IPR agreements are permissible and what they should state? Is there a need for more clarification of the business context?

Additionally, further research should show to what extent the Indecs model could be expanded for use in other legal domains, for instance compliance with data protection rules, enforcement of confidentiality agreements, etc.

Requirement                  | Metadata element                                                        | Comment
What?                        | Creation identifiers                                                    |
Jurisdiction(s)?             | (event + role.context.place)                                            | Event includes makingEvent and usingEvent.
Copyrighted in jurisdiction? | (ipType + role.context.place) + (ipRight + role.context.place)          | A particular kind of creation (ipType) is recognized in a country as giving rise to copyright (ipRight) with a particular territorial scope.
Origin: creator?             | Agent role: contributor, creator, modifier, excerpter, compiler, etc.   |
Origin: source?              | Agent role: disseminator                                                |
Copyright Claim: who?        | person, party                                                           | The law grants intellectual property to ‘persons’. Agreements about the transfer of intellectual property are concluded by ‘parties’.
Copyright Claim: basis?      | IntellectualPropertyRight, agreement.output, iprStatement               |
Copyright Claim: scope?      | output of agreement (permission, requirement, prohibition, iprTransfer) |
Copyright Claim: status?     | assertion?                                                              | An assertion is an event in which a party makes a claim of veracity about something. The fact that a copyright claim is the subject of a legal dispute could be seen as a challenge of its veracity.
Events?                      | (event + role.context.time)                                             |
Licence?                     | agreement                                                               |
Exemption in jurisdiction?   | iprStatement?                                                           | According to the model, iprStatement describes the ownership of an intellectual property right in a creation or the entitlement to agree its exploitation. One might consider encoding the reverse in iprStatements as well, namely the prohibition to disagree with certain use, which is essentially what a copyright exemption does.
Why?                         | /                                                                       |
Relationship?                | Creation-to-creation relation roles                                     |

Further reading

• RUST, GODFREY, BIDE, MARK (eds.), The indecs metadata framework, Principles, model and data dictionary, Indecs, 2000, http://www.doi.org/topics/indecs/indecs_framework_2000.pdf

• http://xml.coverpages.org/indecs2rdd.html

Dublin Core Metadata Initiative. The most well-known product of the Dublin Core Metadata Initiative is ‘Simple Dublin Core’, a set of 15 essential metadata elements with which to describe information resources. Simple Dublin Core has been formally accepted by a number of standardization bodies:

• ISO Standard 15836-2003 of February 2003 [ISO15836]

• ANSI/NISO Standard Z39.85-2007 of May 2007 [NISOZ3985]

• IETF RFC 5013 of August 2007 [RFC5013]


“The Dublin Core Metadata Element Set is a vocabulary of fifteen properties for use in resource description. The name ‘Dublin’ is due to its origin at a 1995 invitational workshop in Dublin, Ohio; ‘core’ because its elements are broad and generic, usable for describing a wide range of resources.

The fifteen element ‘Dublin Core’ described in this standard is part of a larger set of metadata vocabularies and technical specifications maintained by the Dublin Core Metadata Initiative (DCMI). The full set of vocabularies, DCMI Metadata Terms [DCMI-TERMS], also includes sets of resource classes (including the DCMI Type Vocabulary [DCMI-TYPE]), vocabulary encoding schemes, and syntax encoding schemes. The terms in DCMI vocabularies are intended to be used in combination with terms from other, compatible vocabularies in the context of application profiles and on the basis of the DCMI Abstract Model [DCAM].”111

The elements are briefly reviewed in what follows. In the margin, reference is made to the requirements listed above, to identify which metadata elements may be used to fulfil them in part or in whole.

Title: a name given to the resource. [What?]

• The title is an important element for identifying the information object. Various objects may share the same name, so more information is often required to provide unique identification.

Identifier: an unambiguous reference to the resource within a given context (URL, ISBN, . . . ). [What?]

Creator: an entity primarily responsible for making the content of the resource (a person, an organization, or a service). [Origin: creator?]

• The creator is a potential copyright claimant, but not necessarily the current copyright holder. Duration of copyright is calculated as the lifetime of the creator plus a fixed number of years. Knowing who the creator is provides a clue to the origin of the object.

Publisher: an entity responsible for making the resource available (a person, an organization, or a service). [Origin: source?]

• The publisher is also a potential copyright claimant, but not necessarily the current copyright holder. The term ‘publisher’ often has a quite narrow meaning in the law; it is unclear how broad the term is meant here. Knowing who the publisher is provides a clue to the origin of the object.

111 http://dublincore.org/documents/dces/.

Contributor: an entity responsible for making contributions to the content of the resource (a person, an organization, or a service). [Origin: creator?]

• A contributor is a potential copyright claimant, but not necessarily the current copyright holder. Knowing who the contributor is provides a clue to the origin of the object. Duration of copyright protection may also depend on the lifetime of contributors, as is the case for creators.

Date: a date of an event in the lifecycle of the resource (form YYYY-MM-DD). [Events?]

• Some dates are relevant for the existence of legal claims, notably in the case of copyright.

• The following refinements exist for the element Date:112

• Date.created: Date of creation of the resource.

• Date.dateCopyrighted: Date of a statement of copyright.

– This has some relevance in the U.S., for instance.

• Date.issued: Date of formal issuance (e.g., publication) of the resource.

– In Belgium, this date marks the start of the copyright term for anonymous works.

• To determine the term of copyright protection, a number of other dates should be recorded, which are not currently described by the Dublin Core Metadata Initiative:

– Date of death of the Creator: date.deathCreator. Copyright expires 70 years after the death of the Creator.

– Date of death of the Contributor: date.deathContributor. Copyright expires 70 years after the death of the (last) Contributor.
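As an added example (not the report’s or DCMI’s code), a small qualified Dublin Core record that includes the date.deathCreator and date.deathContributor refinements proposed above, serialised with the real dc: and dcterms: namespaces (the proposed refinements get a constructed namespace), together with a term computation that reports ‘undetermined’ where the recorded dates do not suffice. The 70-years-from-issue rule for records without a creator and the end-of-calendar-year rounding are assumptions stated in the code; all records are constructed.

```python
"""Qualified Dublin Core record with the date refinements proposed above.
Added example, not the report's or DCMI's code. Standard elements and
refinements use the real DCMI namespaces; date.deathCreator and
date.deathContributor are the report's proposal and get a constructed
namespace, since DCMI does not define them."""
from datetime import date
from typing import Optional
import xml.etree.ElementTree as ET

DC = "http://purl.org/dc/elements/1.1/"    # Simple Dublin Core (15 elements)
DCTERMS = "http://purl.org/dc/terms/"       # DCMI Terms: element refinements
EXT = "urn:example:longrec-copyright#"      # constructed namespace for the proposal
TERM_YEARS = 70                             # the figure the text gives

# Refinements reviewed in the text that DCMI defines as dcterms properties
# (DCMI spells the rights refinement "license").
DCTERMS_REFINEMENTS = {
    "created", "issued", "dateCopyrighted", "accessRights", "license", "rightsHolder",
    "hasVersion", "isVersionOf", "hasFormat", "isFormatOf", "references",
    "isReferencedBy", "replaces", "isReplacedBy", "hasPart", "isPartOf"}
EXT_REFINEMENTS = {"deathCreator", "deathContributor"}   # proposed, not in DCMI

ET.register_namespace("dc", DC)
ET.register_namespace("dcterms", DCTERMS)
ET.register_namespace("lr", EXT)

class DCRecord:
    """Record as (element, qualifier, value) triples, e.g. ("date", "issued", "1998-01-01")."""

    def __init__(self):
        self.triples = []

    def add(self, element: str, value: str, qualifier: Optional[str] = None) -> "DCRecord":
        if qualifier is not None and qualifier not in DCTERMS_REFINEMENTS | EXT_REFINEMENTS:
            raise ValueError(f"unknown refinement {element}.{qualifier}")
        self.triples.append((element, qualifier, value))
        return self

    def values(self, element: str, qualifier: Optional[str] = None) -> list:
        return [v for e, q, v in self.triples if e == element and q == qualifier]

    def to_xml(self) -> str:
        """dc:* for plain elements, dcterms:* for DCMI refinements, lr:* for the proposal."""
        root = ET.Element("record")
        for element, qualifier, value in self.triples:
            if qualifier is None:
                tag = f"{{{DC}}}{element}"
            elif qualifier in EXT_REFINEMENTS:
                tag = f"{{{EXT}}}{qualifier}"
            else:
                tag = f"{{{DCTERMS}}}{qualifier}"
            ET.SubElement(root, tag).text = value
        return ET.tostring(root, encoding="unicode")

def copyright_term_end(rec: DCRecord) -> Optional[date]:
    """End of the copyright term, or None when the recorded dates do not allow it.

    Rule as the text states it, simplified: 70 years after the death of the creator
    or of the last contributor; for records without a creator, 70 years after the
    date of issue (an assumption made for this example). The term is taken to run
    to the end of the calendar year, as the EU term directive calculates it."""
    persons = rec.values("creator") + rec.values("contributor")
    deaths = rec.values("date", "deathCreator") + rec.values("date", "deathContributor")
    if persons:
        # DC cannot tie a death date to a particular person, so fewer death
        # dates than persons leaves the term undetermined.
        if len(deaths) < len(persons):
            return None
        return date(max(date.fromisoformat(d) for d in deaths).year + TERM_YEARS, 12, 31)
    issued = rec.values("date", "issued")
    if issued:
        return date(date.fromisoformat(issued[0]).year + TERM_YEARS, 12, 31)
    return None

def is_protected_on(rec: DCRecord, iso_date: str) -> Optional[bool]:
    """True/False when the term can be computed; None: no assumption can be made."""
    end = copyright_term_end(rec)
    return None if end is None else date.fromisoformat(iso_date) <= end

def sample_records() -> dict:
    """Constructed records exercising the three cases."""
    known = (DCRecord()
             .add("title", "Hull stress study (constructed)")
             .add("creator", "A. Example")
             .add("date", "1950-06-01", "created")
             .add("date", "1973-09-02", "deathCreator")
             .add("rights", "copyright notice present on the resource")
             .add("rights", "urn:example:licence/LIC-001", "license"))
    partial = (DCRecord()
               .add("title", "Joint report (constructed)")
               .add("creator", "A. Example")
               .add("contributor", "B. Example")
               .add("date", "1973-09-02", "deathCreator"))    # B.'s death date unknown
    anonymous = (DCRecord()
                 .add("title", "Anonymous pamphlet (constructed)")
                 .add("date", "1930-05-05", "issued"))
    return {"known": known, "partial": partial, "anonymous": anonymous}
```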

Rights: information about rights held in and over the resource. [Licence?]

• Typically a Rights element will contain a rights management statement for the resource, or reference a service providing such information. Rights information often encompasses Intellectual Property Rights (IPR), Copyright, and various Property Rights. If the Rights element is absent, no assumptions can be made about the status of these and other rights with respect to the resource.113

112 http://dublincore.org/documents/usageguide/qualifiers.shtml.
113 http://dublincore.org/documents/usageguide/elements.shtml.

• The Rights element can be used to record whether there is a copyright notice on the resource.

• There are only a few refinements available for the Rights element: Access Rights and Licence.

• Rights.accessRights: Information about who can access the resource or an indication of its security status.

• Rights.licence: A legal document giving official permission to do something with the resource.

• Using this refinement makes it possible to point to a particular licence tied to an information object, e.g. Creative Commons, GPL or a proprietary licence agreement.

• This element wasn’t designed to document the entire legal history of an object; it is unclear how much it could describe.

• Can the Rights element be used to record legal claims anyone may state to have over the resource, e.g. claims deriving from trademark, defamation, tort, data protection, . . . ?

• Simple Dublin Core does not describe who owns – or at least claims – rights over a resource. [Copyright Claim: who?] This is solved in Qualified Dublin Core, which adds the element Rightsholder:

• Rightsholder: A person or organization owning or managing rights over the resource.

• This element was designed to capture copyright information; it is unclear how well it would serve to describe all other legal claims a person or organization may state on a resource.

Source: a reference to a resource from which the present resource is derived.

• Derivative works of copyrighted materials require permission for their creation or a legal exemption from copyright.

• There are no refinements defined for the Source element. As such, it doesn’t appear possible to describe in Simple Dublin Core why the derivative was made (business process) or to document whether and where permission was obtained to do so.

Relation: a reference to a related resource Relation-ship?

• Relation.hasPart: The described resource includes the referenced resource either physi-cally or logically.

• Relation.isPartOf: The described resource is a physical or logical part of the referencedresource.

85

Page 88: Compliance Work Packageresearch.dnv.com/LongRec/Intranet/ResearchResults/StateOfTheArt/... · A link to the copyright policy serves to show how the records ought to be treated throughout

LongRec Compliance State-of-the-Art

• Relation.hasVersion: The described resource has a version, edition, or adaptation, namely, the referenced resource.

– A derivative has been made of this resource.

• Relation.isVersionOf: The described resource is a version, edition, or adaptation of the referenced resource. Changes in version imply substantive changes in content rather than differences in format.

– This resource is a derivative of . . . . Is there a way to record whether the derivative was made with permission or whether a compulsory licence applies?

• Relation.hasFormat: The described resource pre-existed the referenced resource, which is essentially the same intellectual content presented in another format.

– A copy or derivative has been made of this resource. Is there a way to record whether the copy or derivative was made with permission or whether a compulsory licence applies?

• Relation.isFormatOf: The described resource is the same intellectual content of the referenced resource, but presented in another format.

– This resource is a copy or derivative of . . . . Is there a way to record whether the copy or derivative was made with permission or whether a compulsory licence applies?

• Relation.references: The described resource references, cites, or otherwise points to the referenced resource.

– Expresses a link between files, for instance to link a parody with an original, or a right of reply to incorrect or slanderous material. Is there a way to record whether the reference was made with permission or whether a compulsory licence applies?

• Relation.isReferencedBy: The described resource is referenced, cited, or otherwise pointed to by the referenced resource.

– Expresses a link between files, for instance to link a parody with an original, or a right of reply to incorrect or slanderous material. Is there a way to record whether the reference was made with permission or whether a compulsory licence applies?

• Relation.replaces: The described resource is supplanted, displaced, or superseded by the referenced resource. When establishing a chain of versions, where only one version is valid, the use of isReplacedBy and Replaces allows the relationship to be expressed and the user directed to the appropriate version. In this case, the reciprocal relationships are quite important.

• Relation.isReplacedBy: The described resource supplants, displaces, or supersedes the referenced resource.


• Relation.requires: The described resource requires the referenced resource to support its function, delivery, or coherence of content. In the case of IsRequiredBy and Requires, there is a clearer need to express the Requires relationship than the IsRequiredBy, though both can be useful. This relationship is most often seen in relationships between software and documents or applications and hardware and/or software requirements.

• Relation.isRequiredBy: The described resource is required by the referenced resource, either physically or logically.

Subject: a topic of the content of the resource (keywords, key phrases, or classification codes)

Description: an account of the content of the resource (an abstract or a table of contents)

Type: the nature or genre of the content of the resource

Format: the physical or digital manifestation of the resource (media type or dimensions of the resource)

Language: a language of the intellectual content of the resource (RFC 3066 and ISO 639 recommended)

Coverage: the extent or scope of the content of the resource. Coverage will typically include spatial location (a place name or geographic co-ordinates), temporal period (a period label, date, or date range) or jurisdiction (such as a named administrative entity).

• Tying a resource to spatial and temporal data is the most common use made of this element. Using Coverage to specify jurisdiction is less common. It is unclear how the element Coverage (jurisdiction) should be interpreted. Does it state in which jurisdiction the resource was created or which jurisdiction(s) claim applicability?

• It should be noted that Coverage describes the resource as a whole. Thus it would seem this element cannot be used in conjunction with Rights to describe in which jurisdiction the described Rights pertain.

Provenance: A statement of any changes in ownership and custody of the resource since its creation that are significant for its authenticity, integrity and interpretation. The statement may include a description of any changes successive custodians made to the resource. Provenance is a part of Qualified Dublin Core.

Dublin Core is designed to describe what an information object is. It is not designed to describe why it exists or how it was created. This explains the limitations on the metadata model’s capability of recording all legal metadata needed for full compliance by the holder of an information resource.


Requirement | Metadata element | Comment
What? | Title, Identifier |
Jurisdiction(s)? | / |
Copyrighted in jurisdiction? | / |
Origin: creator? | Creator, Contributor |
Origin: source? | Publisher, Provenance | The publisher is only one possible source, amongst many others. To what extent Provenance is appropriate for all other sources is unclear.
Copyright Claim: who? | Rightsholder | Element part of Qualified Dublin Core
Copyright Claim: basis? | |
Copyright Claim: scope? | |
Copyright Claim: status? | |
Events? | Date | A limited list of events.
Licence? | Rights.licence | It is unclear how much information about agreements can be included
Exemption in jurisdiction? | / |
Why? | / |
Relationship? | Source, Relation |

Further reading

• BEARMAN, DAVID et al., “A common model to support interoperable metadata”, D-Lib Magazine, Vol. 5 1999, Nr. 1, http://www.dlib.org/dlib/january99/bearman/01bearman.html

• RUST, GODFREY, “Metadata: The Right Approach”, D-Lib Magazine, 1998, http://www.dlib.org/dlib/july98/rust/07rust.html

• DEKKERS, MAKX, WEIBEL, STUART, “State of the Dublin Core Metadata Initiative”, D-Lib Magazine, Vol. 9 2003, Nr. 4, http://dlib.org/dlib/april03/weibel/04weibel.html

California Digital Library - CopyrightMD Schema (http://www.cdlib.org/inside/projects/rights/schema/, v. 0.9)

“From 2005 through 2006, RMG did an analysis of the functional requirements related to copyright metadata, identified key data elements for expressing copyright metadata, and formalized these elements in the copyrightMD XML schema. A beta version of the schema is now available, with documentation and usage guidelines.”114

The overarching element of the CopyrightMD schema is Copyright. The attributes Copyright.status (e.g. copyrighted, public domain, unknown) and Publication.status (e.g. published, unpublished, unknown) must be filled in for the metadata record to be valid. All other elements are optional. There are 7 groups of subelements available. Their use is explained in the User Guidelines.115 In the margin, reference is made to the requirements listed above to identify which metadata elements may be used to fulfill them in part or in whole.

Creation: Wrapper element for information about the creation of the resource. Non-repeatable.

• Year.creation: Contains the year the resource was created. Non-Repeatable. [Events?]

• Country.creation: Contains the name of the country in which the resource was created. Non-repeatable. [Jurisdiction(s)? Copyrighted in jurisdiction?]

Creator [Origin: creator?]

• Creator.corporate: Contains the name of a corporate entity responsible for creating the resource. Repeatable.

• Creator.person: Wrapper element for information regarding an individual responsible for creating the resource. Repeatable.

– Name

– Year.birth: Contains the year of birth of an individual responsible for the creation of the resource. Non-Repeatable.

– Year.death: Contains the year of death of an individual responsible for the creation of the resource.

• Note: General information. Repeatable.

Publication: Wrapper element for publication information regarding the resource. Non-repeatable.

• Country.publication: Contains the name of the country in which the resource was published. Non-repeatable. [Jurisdiction(s)?]

114 http://www.cdlib.org/inside/projects/rights/record.html. RMG is the Rights Management Group, see http://www.cdlib.org/inside/groups/rmg/.

115 http://www.cdlib.org/inside/projects/rights/schema/copyrightMD_user_guidelines.pdf

• Publisher: Contains the name of the publisher of the resource. Non-repeatable. [Origin: source?]

• Year.publication: Contains the year the resource was published. Non-repeatable. [Events?]

• Year.copyright: Contains the year the resource was copyrighted. [Events?]

• Year.renewal: Contains the year the copyright for the resource was renewed. Non-Repeatable. [Events?]

• Note: General information. Repeatable.

Rights.holder: Wrapper element for information about the rights holder for the resource and contact information for the rights holder or rights holder’s designee. Non-repeatable. [Copyright Claim: who?]

• Name: name of either an individual or a corporate entity identified as copyright holder for the resource. Repeatable.

• Contact: Use to provide relevant contact information, when available and not confidential, for the person or institution to whom a user should address questions regarding usage of or permissions regarding the resource. Repeatable.

• Note: General information. Repeatable.

Notice: Contains the copyright notice as it appears on the resource. Non-repeatable. [Copyright Claim: basis?]

Services: Wrapper element for information relating to services that might be offered relating to the resource, such as providing copies. Repeatable.

• Contact: Use to specify the service(s) available and contact information for the person or institution providing the service(s).

• Note: General information. Repeatable.

General.Note: Contains a general note regarding copyright information for the resource, only for information that cannot be accommodated in a more specific copyrightMD element.

The CopyrightMD schema was developed in the context of U.S. law; as a result, some of the elements are useful only in the U.S. Some adaptations would be needed in order to make the schema usable in other jurisdictions. When analysing it from an international perspective, some obstacles very quickly become apparent.


To make things more clear, consider the following case:

The same work is in the collection of a U.S. and a Belgian organisation. The U.S. organisation uses CopyrightMD to describe the copyright status of the work, while the Belgian organisation uses a derived schema called CopyrightMD_BE.

The problems start right in the beginning with the two attributes of the root element ‘copyright’. The first attribute is called ‘copyright.status’ and its possible values are:116

• copyrighted - Under copyright.

• pd - Public domain: No further information.

• pd_usfed - Public domain: US Federal document.

• pd_holder - Public domain: Item dedicated to the public domain by the rights holder.

• pd_expired - Public domain: Item in the public domain because of expiration of copyright based on U.S. law.

• unknown - Copyright status of the resource is unknown.

Some of these values are only applicable in the U.S. context, though this is only one symptom of a bigger issue. The assessment whether a work is under copyright is only valid in relation to a specific jurisdiction. Copyright terms are different in the U.S. and in Belgium, and are calculated according to very different rules.117

A similar problem arises with the attribute ‘publication.status’, which can have 3 possible values: ‘published’, ‘unpublished’ and ‘unknown’. This may seem pretty straightforward, but the term ‘published’ has a specific legal meaning in the U.S. that does not correspond with its meaning in other countries. In Belgium, for instance, publication is irrelevant in determining the scope of copyright or its term. The Belgian organisation might be tempted to (mis)use this attribute to record whether a work was divulged or not, meaning that the author willingly released his work into the world and as such exercised his moral right of divulgation. Thus, the interpretation of ‘publication.status’ depends on the jurisdiction.

Users comparing the copyright status metadata delivered by the U.S. and Belgian organisation need qualifying information regarding jurisdiction to correctly interpret these attributes. The same is true in the case where these organisations would want to exchange copyright metadata.

A simple solution might be to add a third attribute ‘jurisdiction’ with a country code as its value. Perhaps these attributes should refer to a thesaurus defining possible values relevant for that jurisdiction. The adequacy of such a solution needs further investigation, for one because the relevant jurisdiction might be smaller or larger than a single country. Also, a lot of duplicate data would be found in metadata describing the copyright status of a work for more than one jurisdiction.

116 GROUP, RIGHTS DATA MANAGEMENT (ed.), CopyrightMD User Guidelines, Version 0.9, California Digital Library, 2006, http://www.cdlib.org/inside/projects/rights/schema/copyrightMD_user_guidelines.pdf, p. 7.

117 DEKEYSER, HANNELORE and LIPINSKI, TOMAS, “Digital Archiving and Copyright Law: A Comparative Analysis”, International Journal of Communication Law and Policy, 12 2008, http://www.ijclp.net/12_2008/pdf/dekeyserlipinski.pdf.

The publication element is of key importance in U.S. law for the calculation of the copyright term.118 As indicated above, publication is of little consequence in Belgium.119 This is no major problem, as the Belgian organisation might simply choose to omit this element or to include it simply as evidence of divulgation.

Some of the child elements have very close ties to the U.S. context as well. The ‘year.copyright’ element contains the year the resource was copyrighted, typically based on a copyright notice on the resource itself.120 This year has no relevance whatsoever in determining the copyright term in Belgium. Likewise, the ‘year.renewal’ element is devoid of meaning in Belgium, as there never has been a renewal system in place. Both elements are optional and the Belgian organisation can omit them without trouble.

The creation element is also highly relevant in the U.S. when calculating the copyright term.121 In Belgium, the date of creation (‘year.creation’) is not relevant, though the place of creation is (‘country.creation’). Foreign works, created outside the EU, are protected just as Belgian works on the condition of reciprocity.122 All of these elements are optional, allowing the Belgian organisation to supply only the place of creation.

The creator element plays a different role in U.S. than in Belgian copyright law. Under Belgian law, the creator of a work is always a physical person. A corporation can become rights holder but is never the creator. The Belgian organisation should ensure that the (optional) element ‘creator.corporate’ is never encoded for works created in Belgium. As is the case in the U.S. for personal creations, the year of death is crucial in determining the length of copyright protection. When it comes to collaborative creations in particular, the role of a co-creator may be of great importance. For instance, Belgian law provides a list of contributors to audiovisual works who are presumed by law to be co-creators.123
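The jurisdiction problem discussed above (a ‘jurisdiction’ attribute pointing to a per-jurisdiction thesaurus of values) and the Belgian adaptations just listed (omitting ‘year.copyright’ and ‘year.renewal’, never encoding ‘creator.corporate’ for works created in Belgium) can be turned into a mechanical check. The following Python script is an added example, not code from this report or from the California Digital Library. The element and attribute names follow those the report lists; the XML layout, the ‘jurisdiction’ attribute (the report’s proposed extension, not part of copyrightMD 0.9), the Belgian vocabulary and the sample records are assumptions constructed for illustration.

```python
"""Jurisdiction-aware validation of CopyrightMD-style records.

Added example, not code from the report or from the California Digital
Library.  Element and attribute names follow those the report lists
(copyright.status, publication.status, creation, year.creation,
country.creation, creator, creator.corporate, publication, year.copyright,
year.renewal).  The XML layout, the 'jurisdiction' attribute (the extension
the report proposes, not part of copyrightMD 0.9), the BE vocabulary and the
sample records are assumptions constructed for illustration.
"""
import xml.etree.ElementTree as ET

# Per-jurisdiction thesaurus of copyright.status values.  The US list is the
# copyrightMD 0.9 list quoted in the report; the BE list is an assumption that
# drops the value the report flags as US-specific.
STATUS_VOCAB = {
    "US": {"copyrighted", "pd", "pd_usfed", "pd_holder", "pd_expired", "unknown"},
    "BE": {"copyrighted", "pd", "pd_holder", "pd_expired", "unknown"},
}
PUBLICATION_VOCAB = {"published", "unpublished", "unknown"}

# Children of <publication> that the report says carry no meaning outside US law.
US_ONLY_PUBLICATION_CHILDREN = ("year.copyright", "year.renewal")


def child(parent, tag):
    """First direct child with the given tag, or None.  Tags contain dots,
    so iterate over children rather than relying on XPath syntax."""
    if parent is None:
        return None
    for el in parent:
        if el.tag == tag:
            return el
    return None


def validate(xml_text):
    """Return a list of findings; an empty list means the record passes."""
    root = ET.fromstring(xml_text)
    if root.tag != "copyright":
        return ["unexpected root element %r" % root.tag]

    jurisdiction = root.get("jurisdiction")
    if jurisdiction is None:
        # Without a jurisdiction the status values cannot be interpreted at all.
        return ["missing 'jurisdiction' attribute: copyright.status cannot be interpreted"]
    vocab = STATUS_VOCAB.get(jurisdiction)
    if vocab is None:
        return ["no copyright.status vocabulary known for jurisdiction %r" % jurisdiction]

    findings = []
    status = root.get("copyright.status")
    if status not in vocab:
        findings.append("copyright.status %r is not valid in jurisdiction %s" % (status, jurisdiction))
    pub_status = root.get("publication.status")
    if pub_status not in PUBLICATION_VOCAB:
        findings.append("publication.status %r is not one of %s" % (pub_status, sorted(PUBLICATION_VOCAB)))

    publication = child(root, "publication")
    if jurisdiction != "US":
        for tag in US_ONLY_PUBLICATION_CHILDREN:
            if child(publication, tag) is not None:
                findings.append("%s has no meaning in %s; omit it" % (tag, jurisdiction))

    # Belgian rule: a corporation may be rights holder but never creator.
    country = child(child(root, "creation"), "country.creation")
    if country is not None and country.text == "BE" \
            and child(child(root, "creator"), "creator.corporate") is not None:
        findings.append("creator.corporate encoded for a work created in BE: "
                        "a corporation may be rights holder but never creator")
    return findings


# Constructed sample records (not real catalogue data).
US_RECORD = """<copyright jurisdiction="US" copyright.status="pd_usfed" publication.status="published">
  <creation><year.creation>1998</year.creation><country.creation>US</country.creation></creation>
  <creator><creator.corporate>Example Federal Agency (constructed)</creator.corporate></creator>
  <publication><year.publication>1998</year.publication><country.publication>US</country.publication></publication>
</copyright>"""

# A Belgian record that copies the US encoding uncritically.
BE_RECORD = """<copyright jurisdiction="BE" copyright.status="pd_usfed" publication.status="published">
  <creation><year.creation>1975</year.creation><country.creation>BE</country.creation></creation>
  <creator><creator.corporate>Example NV (constructed)</creator.corporate></creator>
  <publication><year.publication>1976</year.publication><year.renewal>2004</year.renewal></publication>
</copyright>"""

NO_JURISDICTION_RECORD = '<copyright copyright.status="copyrighted" publication.status="unknown"/>'

if __name__ == "__main__":
    for name, record in (("US", US_RECORD), ("BE", BE_RECORD), ("no jurisdiction", NO_JURISDICTION_RECORD)):
        print(name, validate(record) or "OK")
```

Run on the constructed records, the US record passes, the Belgian record yields three findings (a US-only status value, a meaningless ‘year.renewal’, and a corporate creator for a work created in Belgium), and the record without a ‘jurisdiction’ attribute is rejected outright, which is the point the report makes: without the jurisdiction the status attributes cannot be interpreted.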

118 HIRTLE, PETER, Copyright Term and the Public Domain in the United States 1 January 2007, 2007, http://www.copyright.cornell.edu/training/Hirtle_Public_Domain.htm

119 With the exception of the neighboring right for the first publication of a never-before published public domain work. Art. 2 §6 BCA.

120 GROUP, CopyrightMD User Guidelines, Version 0.9, op. cit., p. 16.

121 HIRTLE, Copyright Term and the Public Domain in the United States 1 January 2007, op. cit.

122 Art. 79 BCA.

123 Art. 14 BCA.


Both the rights holder and services elements may contain very useful information, provided it is known at what time this information was valid. Information regarding an agent or a rights collecting society could be stored in one of these elements.

The copyright notice, contained in the notice element, served a particular purpose in U.S. law at one point. In Belgium, this information is useful in the sense that the person or corporation mentioned in the copyright notice may be presumed to be the rights holder by all third parties.

One piece of information that is currently not represented in the schema is information regarding terms of acquisition. The organisation may obtain works in various ways: through contracts, as a consequence of legal mandates or perhaps a legal privilege. Often, the terms of acquisition have an impact on the way the works in question may be made accessible to users and used by them.124 A Belgian archive might invoke the copyright exemption for cultural and scientific heritage when obtaining certain materials; this fact should be recorded, seeing as granting access to the public is strictly limited by the law.

Even more complicated is the situation of a multinational organisation that would want to use CopyrightMD to record copyright information. CopyrightMD is currently not flexible enough to record metadata over different jurisdictions. For instance, as there may only be one publication block, it is not possible to record that a resource was published multiple times, specifically in different countries. Likewise, there can only be one copyright notice tied to a resource. Every resource is supposed to be created in one country; however, more and more resources are the result of contributions from various countries. Selecting only one country as country of creation may be artificial and have little significance from a legal point of view.

CopyrightMD describes what a resource is, not why it exists or what the process of creation was. This limits the value of the schema for use in connection with living documents contained in a records management system.

Requirement | Metadata element | Comment
What? | / | CopyrightMD is not a standalone metadata schema, but used in addition to other schemas. Identification of the work is left to the other schema.
Jurisdiction(s)? | Country.creation, Country.publication |
Copyrighted in jurisdiction? | Country.creation |
Origin: creator? | Creator |
Origin: source? | Publisher |
Copyright Claim: who? | Rights.holder |
Copyright Claim: basis? | Notice | A copyright notice may contain false or outdated information.
Copyright Claim: scope? | Notice |
Copyright Claim: status? | / |
Events? | Year.creation, Year.publication, Year.copyright, Year.renewal |
Licence? | / |
Exemption in jurisdiction? | / |
Why? | / |
Relationship? | / |

124 COYLE, KAREN, Rights in the PREMIS Data Model, Washington D.C., U.S.A., Library of Congress, 2006, http://www.loc.gov/standards/premis/Rights-in-the-PREMIS-Data-Model.pdf, p. 25 ff.

Further reading

• GROUP, RIGHTS DATA MANAGEMENT (ed.), CopyrightMD User Guidelines, Version 0.9, California Digital Library, 2006, http://www.cdlib.org/inside/projects/rights/schema/copyrightMD_user_guidelines.pdf

• COYLE, KAREN, “Descriptive metadata for copyright status”, First Monday, 10 2005, Nr. 10, http://www.firstmonday.org/issues/issue10_10/coyle/index.html

PREMIS

“The Preservation Metadata: Implementation Strategies Working Group, convened by OCLC and RLG, initially developed the PREMIS data dictionary as a specification with the goal of creating an implementable set of ‘core’ preservation metadata elements, with broad applicability within the digital preservation community.”125

The PREMIS working group published its Data Dictionary in 2005, followed by a set of XML schemas to support their implementation.126 Version 2.0 of the PREMIS Data Dictionary for Preservation Metadata was published on April 3, 2008. Notably, the Rights Entity part of the standard was revised considerably.

125 http://www.loc.gov/standards/premis/

126 COMMITTEE, PREMIS EDITORIAL, PREMIS Data Dictionary for Preservation Metadata, PREMIS, 2008, http://www.loc.gov/standards/premis/, p. 1.

The PREMIS data model defines five entities: Intellectual Entities, Objects, Events, Rights, and Agents. Each semantic unit defined in the Data Dictionary is a property of one of these entities.127

Intellectual Entity: A set of content that is considered a single intellectual unit for purposes of management and description: for example, a particular book, map, photograph, or database. An Intellectual Entity can include other Intellectual Entities; for example, a Web site can include a Web page; a Web page can include an image. An Intellectual Entity may have one or more digital representations.

Object (or Digital Object): A discrete unit of information in digital form.

Event: An action that involves or impacts at least one Object or Agent associated with or known by the preservation repository.

Agent: Person, organization, or software program/system associated with Events in the life of an Object, or with Rights attached to an Object.

Rights: Assertions of one or more rights or permissions pertaining to an Object and/or Agent.

Instances of Objects, Events, Agents, and Rights statements are uniquely identified through ‘Identifier’ containers, which can refer to external identifier schemas.128

Identifiers are repeatable for Objects and Agents; they are not repeatable for Rights and Events. Objects and Agents often have multiple identities in a global environment, and across systems, and therefore are likely to have multiple identifiers. Rights and Events are considered to have a context limited to a particular preservation repository, and therefore do not require multiple identifiers.129

127 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 5.

128 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 12.

129 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 13.


PREMIS does not distinguish Intellectual Entity into Works, Expressions and Manifestations as FRBR does. The PREMIS model considers the description of Intellectual Entities to be outside of its scope, choosing to focus only on their ‘representations’ in electronic form (Objects).130 [What?]

The Events entity describes actions that occur in the course of preservation.131 [Events?]

PREMIS does not record relationships between Intellectual Entities, only between Objects. This is in line with the preservation focus of PREMIS and is useful for linking various representations or versions of the same Intellectual Entity to each other. The model does not exhaustively list all the possible relationships between Objects, only determines which metadata must be captured.132 [Relationships?]

The PREMIS model recognizes the importance of Agents in their relation to Events and Rights. However, only a means to identify the agent and a classification of agent type (person, organization, or software) is defined in the Data Dictionary. Where additional metadata is required, this must be provided by other schemas.133 [Origin: creator? Origin: source? Copyright Claim: who?]

The Rights entity can describe statements of rights and permissions. Rights are entitlements allowed to agents by copyright or other intellectual property law. Permissions are powers or privileges granted by agreement between a rightsholder and another party or parties.134 [Copyright Claim: basis? Licence?]

The revision of the Rights entity is summarized by Lavoie as follows:

“Like its original version, the Rights entity in PREMIS 2.0 is intended to support an automated process that determines if a particular preservation-related action is permissible in regard to an Object or set of Objects within the repository, as well as to record important information about the permission. However, key differences exist between the old and new versions of the Rights entity. In PREMIS 2.0, the permissionStatement container is replaced by a new rightsStatement container, which can be used to express three forms of intellectual property rights: those established by copyright, those established by license, and those established by statute. The Rights entity defines metadata applicable to all three forms of rights statement, such as identifiers, the nature, scope, and characteristics of the rights granted to the repository, the Object(s) to which the rights apply, and the Agents responsible for granting or administrating the rights. In addition, the new Rights entity defines metadata specific to copyright-, license-, and statute-based intellectual property rights. The result is a deeper, more nuanced description of rights in a digital preservation context, yet one that preserves the earlier version’s practical orientation toward automated processing.”135

130 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 8 and 22.

131 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 10.

132 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 10 and 13.

133 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 11.

134 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 157.

CopyrightMD served as inspiration for the new rightsStatement container. However:

“It should be noted that the proposed uses of copyrightMD and PREMIS rights are rather different. The copyrightMD schema is intended to document factual information to allow a human being to make an informed copyright assessment of a given work. The PREMIS rightsStatement is intended to allow a preservation repository to determine whether it has the right to perform a certain action in an automated fashion, with some documentation of the basis for the assertion.”136

A rightsStatement containing copyright information records who owns intellectual property in the described object. The jurisdiction from which the copyright stems must be indicated. Legal disputes can be recorded in CopyrightNote. [Copyright Claim: who? Copyright Claim: basis? Copyrighted in jurisdiction? Copyright Claim: status?]

A rightsStatement containing licence information details which permission(s) the archive has to execute preservation activities (copying, migration, . . . ). The terms of the licence can be included. Whether or not the licence is under dispute could be recorded in LicenceNote. [Licence? Copyright Claim: scope? Copyright Claim: status?]

A rightsStatement containing statute information details which permission(s) a law or statute grants to the archive to execute preservation activities. The jurisdiction from which the statute stems must be indicated. Legal disputes can be recorded in StatuteNote. [Exemption in jurisdiction? Copyrighted in jurisdiction? Copyright Claim: status?]

As many rightsStatements as necessary can be tied to any object in the archive, thus making it possible to take into account the perspective of more than one legal system. The Rights container is extensible, allowing organisations to record additional metadata as needed.137

Unlike Indecs, PREMIS 2.0 does not model the transactions about objects, only the resulting permissions. However, PREMIS 2.0 provides hooks for extensions to the rights entity to be developed.
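The automated permission check that the quoted passages describe, running over the three kinds of rightsStatement (copyright, licence, statute) discussed above, can be sketched as follows. This Python script is an added example, not code from the PREMIS Editorial Committee, the Library of Congress or the LongRec project. It models a subset of the PREMIS 2.0 rightsStatement (rightsBasis, the copyright or statute jurisdiction, licence terms, rightsGranted with an act and a term of grant, the per-basis note) as plain dataclasses rather than the PREMIS XML schema; the ‘disputed’ flag standing in for a note that records a legal dispute, the simplified act and restriction values, and all statements and object identifiers are assumptions constructed for illustration.

```python
"""Automated permission check over PREMIS 2.0-style rights statements.

Added example, not code from the PREMIS Editorial Committee or the LongRec
project.  It models a subset of the rightsStatement container described in
the report (rightsBasis, copyrightJurisdiction / statuteJurisdiction,
licenseTerms, rightsGranted, copyrightNote / licenseNote / statuteNote) as
plain dataclasses.  The 'disputed' flag, the simplified act and restriction
values and all sample data are assumptions constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set

BASES = ("copyright", "license", "statute")


@dataclass
class RightsGranted:
    act: str                       # e.g. "replicate", "migrate", "disseminate"
    restriction: str = "allow"     # "allow" or "disallow" (simplified)
    start: Optional[date] = None   # termOfGrant start
    end: Optional[date] = None     # termOfGrant end (None = open-ended)

    def in_force(self, on):
        return (self.start is None or self.start <= on) and (self.end is None or on <= self.end)


@dataclass
class RightsStatement:
    identifier: str
    basis: str                           # one of BASES
    objects: Set[str]                    # linkingObjectIdentifier values
    granted: List[RightsGranted] = field(default_factory=list)
    jurisdiction: Optional[str] = None   # required for copyright and statute
    terms: Optional[str] = None          # licenseTerms / statute citation
    note: Optional[str] = None           # copyrightNote / licenseNote / statuteNote
    disputed: bool = False               # assumption: derived from the note


def check_statement(stmt):
    """Structural problems the report says must not occur, e.g. a copyright or
    statute statement that does not indicate its jurisdiction."""
    problems = []
    if stmt.basis not in BASES:
        problems.append("%s: unknown rightsBasis %r" % (stmt.identifier, stmt.basis))
    if stmt.basis in ("copyright", "statute") and not stmt.jurisdiction:
        problems.append("%s: %s statement must indicate its jurisdiction" % (stmt.identifier, stmt.basis))
    if not stmt.objects:
        problems.append("%s: statement is linked to no object" % stmt.identifier)
    return problems


def applicable(stmt, object_id, jurisdiction):
    """A statement counts only for its linked objects, only from the legal
    system it stems from (a licence is an agreement and applies regardless),
    and only while it is not under dispute."""
    if object_id not in stmt.objects or stmt.disputed:
        return False
    if stmt.basis == "license":
        return True
    return stmt.jurisdiction == jurisdiction


def permitted(statements, object_id, act, jurisdiction, on=None):
    """Return (decision, identifiers of the statements that decided it).

    Any applicable 'disallow' grant wins; otherwise at least one applicable
    'allow' grant in force is required.  Nothing is permitted by default:
    silence in the rights metadata is not permission."""
    on = on or date.today()
    allowing, denying = [], []
    for stmt in statements:
        if not applicable(stmt, object_id, jurisdiction):
            continue
        for grant in stmt.granted:
            if grant.act != act or not grant.in_force(on):
                continue
            (denying if grant.restriction == "disallow" else allowing).append(stmt.identifier)
    if denying:
        return False, denying
    return bool(allowing), allowing


# Constructed sample: one object seen from two legal systems.
STATEMENTS = [
    RightsStatement("rs-us-1", "copyright", {"obj-001"},
                    [RightsGranted("replicate"), RightsGranted("disseminate", "disallow")],
                    jurisdiction="US", note="rights holder granted preservation copies only (constructed)"),
    RightsStatement("rs-be-1", "statute", {"obj-001"},
                    [RightsGranted("replicate"), RightsGranted("migrate")],
                    jurisdiction="BE", terms="statutory preservation exception (constructed citation)"),
    RightsStatement("rs-lic-1", "license", {"obj-001"},
                    [RightsGranted("disseminate", end=date(2010, 12, 31))],
                    terms="deposit agreement (constructed)", disputed=True),
    RightsStatement("rs-bad", "copyright", {"obj-002"}, [RightsGranted("replicate")]),  # no jurisdiction
]

if __name__ == "__main__":
    for s in STATEMENTS:
        for p in check_statement(s):
            print("problem:", p)
    for act, jur in (("replicate", "US"), ("replicate", "BE"), ("migrate", "US"),
                     ("disseminate", "US"), ("disseminate", "BE")):
        print(act, jur, permitted(STATEMENTS, "obj-001", act, jur, on=date(2009, 1, 1)))
```

Two design points follow directly from the text: a copyright- or statute-based statement is consulted only from the perspective of the jurisdiction it stems from, which is why several statements can be tied to one object, and a denial found in any applicable statement overrides a grant found in another, so a repository errs on the side of not acting when its rights metadata conflicts.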

135 LAVOIE, BRIAN F., “PREMIS With a Fresh Coat of Paint. Highlights from the Revision of the PREMIS Data Dictionary for Preservation Metadata”, D-Lib Magazine, Vol. 14 2008, Nr. 5/6, http://www.dlib.org/dlib/may08/lavoie/05lavoie.html

136 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 11.

137 COMMITTEE, PREMIS Data Dictionary for Preservation Metadata, op. cit., p. 19.


Requirement | Metadata element | Comment
What? | Identifier |
Jurisdiction(s)? | / | Could be implemented through RightsExtension.
Copyrighted in jurisdiction? | Rights.copyrightJurisdiction, Rights.statuteJurisdiction | When a rights container is recorded with ‘copyright’ or ‘statute’ as its basis, then the jurisdiction from which the right stems is recorded.
Origin: creator? | Agent, Rights.linkingAgentRole |
Origin: source? | Agent, Rights.linkingAgentRole |
Copyright Claim: who? | Agent, Rights |
Copyright Claim: basis? | Rights | Copyright, Licence or Statute.
Copyright Claim: scope? | Rights.licenceTerms, Rights.rightsGranted |
Copyright Claim: status? | Rights.copyrightNote, Rights.licenseNote, Rights.statuteNote |
Events? | Event |
Licence? | Rights.license |
Exemption in jurisdiction? | Rights.statute |
Why? | / |
Relationship? | Relationship |

Further reading

• COMMITTEE, PREMIS EDITORIAL, PREMIS Data Dictionary for Preservation Metadata, PREMIS, 2008, http://www.loc.gov/standards/premis/

• LAVOIE, BRIAN F., “PREMIS With a Fresh Coat of Paint. Highlights from the Revision of the PREMIS Data Dictionary for Preservation Metadata”, D-Lib Magazine, Vol. 14 2008, Nr. 5/6, http://www.dlib.org/dlib/may08/lavoie/05lavoie.html

• COYLE, KAREN, Rights in the PREMIS Data Model, Washington D.C., U.S.A., Library of Congress, 2006, http://www.loc.gov/standards/premis/Rights-in-the-PREMIS-Data-Model.pdf


Rights Expression Languages

As part of the development of technical protection measures138 to control the use of content by the public, a number of projects to develop ‘rights expression languages’

Most of these Rights Expression Languages assume that the basis for use is a specific agreement between the content provider and the user. What is expressed is who can do what with which files (play, store, excerpt, ...).

From the perspective of enforcing compliance in a company, Rights Expression Languages may provide a useful building block. Just as media companies aim to exert control over users in an effort to protect their intellectual property, companies may wish to exert control over the use of records to enforce compliance with a range of legal requirements, such as intellectual property, confidentiality and data protection.

The aim of Rights Expression Languages is to tell a device whether or not to allow the use of certain content by a user. Determining why the user should or should not be allowed the requested form of use is outside the scope of a REL.

Going into detail on all the RELs under development is beyond the means of this study. What follows is a list of prominent examples.

• Open Digital Rights Language http://www.odrl.net/ (ODRL)

• XrML http://www.xrml.org/

• MPEG-21 Part 5 Rights Expression Language (REL)

Further reading

• http://xml.coverpages.org/drm.html

BBC SMEF

An industry that has a long history of dealing with the production, use and reuse of copyrighted material is the audiovisual industry. Perhaps surprisingly, there is no generally accepted practice on how to go about rights management, nor is there a standard for copyright metadata.

Obviously, encoding the copyright notice featured on a movie, documentary or other audiovisual work into a metadata field is a trivial exercise. Capturing who all the contributors were in the creation of an audiovisual work, from the script writer to the author of song track lyrics or the designer of artwork in the background, is far from trivial. Going one step further to also capture the legal grounds for inclusion of that contribution in the final work, as well as for its exploitation, is a daunting task.

138 This is more commonly known as DRM or Digital Rights Management, a term which will not be used here to avoid confusion with Digital Records Management. Digital Rights Management is a misleading term to apply to most common technical protection measures, as they do not deal with legal rights (who owns intellectual property rights, or who is contractually entitled to what) but with use restrictions.

The BBC has taken on this challenge in the development of its ‘Standard Media Exchange Framework’, which is aimed to “support and enable media asset management (‘MAM’) as an end-to-end process across its business areas, from commissioning to delivery to the home.”139 The data model is able to accompany a production from its first conception as an idea, over the production phase, until its broadcast and transfer. There are over 270 entities defined in the model.

A cluster of entities describes television programmes at varying levels of granularity (objects). A programme can be divided into items and shots, and it can be grouped with other programmes. The entity ‘REPORTING_COPYRIGHT’ gives details on contributions and source material used in programmes (such as scripts, music, or even extracts from other programmes).

The entity ‘role’ provides the answer to the question “Who does what under which conditions?” by linking together parties (which can be either persons or organisations) with objects, and with contracts (or contract lines). Thus, a role could be that of a script author (linking a person, her contract for work, and the respective script), or that of an actress (linking a person, her employment contract, and the respective programme).

To give an example, if an Andy Warhol painting is used in a programme item, an instance of ‘REPORTING_COPYRIGHT’ is created to describe the Andy Warhol painting and linked with the item. An instance of ‘ROLE’ is created linking the object described in ‘REPORTING_COPYRIGHT’ (the painting) with an organisation (the Warhol Estate) and a contract (terms of permission for reuse).

The entity ‘contract’ contains one or many ‘clauses’, or in other words all the statements used in a contract. The clauses should detail all the contractual terms, for instance the broadcaster’s rights with respect to the material.

The model does not have room for obligations or rights stemming from sources other than agreements, notably regulations. Thus reuse of copyrighted material permitted by an exemption in copyright law could not be registered in the SMEF data model.

One might think that the entity ‘right’ would be suited for this purpose, especially in light of its broad definition as “[a]n interest, or permission, which is recognised and protected by law”.140

139 http://www.bbc.co.uk/guidelines/smef.shtml
140 SMEF Data Model, p. 284.


However, upon close inspection, the right meant here only covers transmission rights, and not other types of legal interests such as copyright or privacy. This observation is based on a systematic interpretation, noting that the description of the entity ‘RIGHT_TYPE’ states that examples of types of right are the right to broadcast or the right to publish (both being categories of transmission)141, and taking into consideration the attribute ‘RIG_Publication_Count’, which indicates the total number of transmissions acquired by an outlet.142

The SMEF Data Model is an example of how to make the connection between a business process (audiovisual production and broadcast) and legal information. Not only are contracts included in the model, but legally relevant activities – reuse of copyrighted material – are annotated.

141 SMEF Data Model, p. 287.
142 SMEF Data Model, p. 284.


Chapter 5

Recordkeeping

Organisations and their records managers have a number of sources to turn to in developing their recordkeeping approach. Legal requirements inevitably impact creation, maintenance and preservation of records. Other than that, inspiration can be found in standards, guidelines and best practices.

5.1 Standards

Since 1997, a subcommittee exists within ISO which has records and archives management as its domain: Subcommittee (SC) 11 Records and archives management, part of ISO Technical Committee (TC) 46 Information and documentation.

This subcommittee has published a number of standards, amongst which ISO 15489 Information and Documentation – Records Management, the first international records management standard. Another is ISO 23081 Metadata for records.1

ISO 15489 is divided in two parts:

• Part 1: General (ISO 15489-1:2001)

• Part 2: Guidelines [Technical Report] (ISO/TR 15489-2:2001)

ISO 15489-1 defines metadata as “data describing context, content, and structure of records and their management through time.”

1 For a description of the work of the subcommittee and these standards see HOFMAN, HANS, “Developments in ISO standards for recordkeeping”, 2005, http://dlmforum.typepad.com/Paper_HansHofman_onstandards.pdf.


ISO 15489 Part 2 states that “a records management policy statement is a statement of intentions. It sets out what the organization intends to do and, sometimes includes an outline of the program and procedures that will achieve those intentions.”

A records management policy should include:2

• Purpose, scope and applicability of the policy

• Rules and responsibilities

• Ownership, legal status, access rights and privacy

• Goals, principles and objectives

• References to documentation and related policies.

A number of European initiatives regarding functional requirements for records management systems are reviewed in WALDRON, MARTIN, “Adopting electronic records management: European strategic initiatives”, The Information Management Journal, 2004, Nr. July/Aug. Amongst others Moreq, Domea and the Afnor standard NZ 42-013 are explained briefly.

In Canada, the ‘Electronic records as documentary evidence’ (CGSB 72.34) standard was issued on December 1st 2005. The standard establishes requirements for the creation of electronic records in any form to ensure that their authenticity can be demonstrated. It is important to note that, despite the name, compliance with the standard will not by itself guarantee that electronic records will be accepted by courts as evidence. This decision is the sole competence of the courts.3 The standard does maximize the probability of admissibility of electronic records.4 The standard is tailored to the legal rules of evidence in Canada, but many requirements will no doubt be just as relevant in other jurisdictions.

5.2 Best practices and guidelines

A number of organisations have issued guidelines on the subject. Notable examples are the following:

• Guide for Managing Electronic Records from an Archival Perspective http://www.ica.org/en/node/30019

2 MYLER, ELLIE, “Minimizing Risks through a corporate information compliance initiative”, The Information Management Journal, 2008, Nr. Jan/Feb, p. 59.
3 ?, , p. 39.
4 ?, , p. 40.

• DIRKS http://www.records.nsw.gov.au/recordkeeping/dirks-manual_4226.asp (Strategies for Documenting Government Business)

• VERS http://www.prov.vic.gov.au/vers/vers/default.htm (Victorian Electronic Records Strategy)

There are so many guidelines out there that no attempt is made here to provide a comprehensive list. All of these guidelines are more or less abstract in nature, therefore it would be of great interest to know how they are implemented in practice by various organisations. Unfortunately, precious little information is available on just how organisations manage their records.

In Switzerland, the Association of Swiss Archivists5 conducted a Records Management Survey Schweiz in selected sectors of the private sector in 2006.6 The survey concluded that in practice records management is often limited to traditional written records, in particular financial records and personnel files. Digital-born documents often escape centralized records management based on selection and maintenance plans. There is a great need for training of all employees to improve records management in companies.

The Virginia Commonwealth University (VCU) conducted a study on how data management is practiced worldwide: “Measuring Data Management Practice Maturity: A Community’s Self-Assessment”.7 The study concludes that most organizations do not manage information well. The study focusses on the quality of data, mostly held in databases, not on records management as such. Thus the relevance of this work for records management is not entirely clear.

Developing a records management policy requires involvement from the various stakeholders in an organisation.

“While managing paper records has been the undisputable domain of records managers, managing electronic records requires teamwork. Today, it is common to see representatives of information technology, business units, records management, and legal services or compliance coming together to develop policies and procedures to address electronic records and information management issues. As part of the team, records managers are in a position to bring their expertise in categorizing, classifying, and indexing documents to the development of metadata.”8

The questions to be answered are:

• What records do we have? (Records manager, business unit, legal)

• Which records should we have? (Legal, business unit, Records manager)

• Why do we make/preserve these records? (Legal, business unit)

• How do we make these records? (business unit, IT)

• How should we make these records? (Legal)

• How do we preserve these records? (Records manager, IT)

• What is the budget? (Management)

5 http://www.vsa-aas.org/.
6 http://www.vsa-aas.org/de/aktivitaet/earchiv/taetigkeit/rmsurvey/.
7 AIKEN et al., Computer 40 [2007].
8 FRANKS and KUNDE, The Information Management Journal Sept/Oct [2006] (as in n. ??), p. 56.

An important part of the recordkeeping policy is the records retention schedule. A strategic overview of how to develop a retention schedule in a large organisation is described by Fischer.9 Important advice is to thoroughly document the process, so as to enable records managers to determine why specific retention periods were decided for the various types of records. In case of a dispute, or generally when retention periods are questioned, such documentation provides valuable information.10

Establishing a coherent retention schedule is a particularly difficult exercise for multi-national companies. A small example is given in JONES, THOMAS M. et al., “Going global. Mapping an international records retention strategy.” The Information Management Journal, 2008, Nr. May/June. After an overview of the most important U.S. retention requirements, the following best practice is described:

“Absent other guidance, follow U.S. rules – In cases where a particular type of record is not governed by foreign retention requirements, multinational organizations should simply adhere to their current U.S. retention periods as their global default standard.

Adopt global norms where they exceed U.S. practice – Given that some international records retention guidelines are longer than U.S. guidelines, the best practice is to adopt the longer retention period. For example, the prevailing U.S. practice for retaining certain tax records is seven years, whereas the minimum retention period in Germany is 10 years.

For excessively long single-country requirements, issue “exception” policies – For excessively long retention requirements of a single country, make reasoned decisions as to compliance. For example, Argentina and Puerto Rico require accounting records to be retained until closure of business plus 10 and five years, respectively. In these cases, the best strategy is to issue single-country “exception” retention policies that mandate compliance for the business operations located there.”11

9 FISCHER, LAURIE, “Condition critical: developing records retention schedules”, The Information Management Journal, Jan/Feb 2006. See also MYLER, The Information Management Journal 2008 (as in n. ??).
10 FISCHER, The Information Management Journal Jan/Feb [2006], op. cit. (as in n. ??), p. 34.
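The three rules quoted above amount to a small decision procedure per record type: start from the U.S. period, raise the global default where a foreign minimum is longer, and handle excessively long single-country requirements as exception policies rather than raising the default for everyone. The following Python is an added example written for this review, not code from Jones et al. or from the LongRec project. It uses the figures quoted in the text (tax records: U.S. seven years, Germany 10; accounting records in Argentina and Puerto Rico: closure of business plus 10 and five years); the 15-year cap that triggers an exception policy, the U.S. period for accounting records and the remaining rows of the schedule are assumptions.

```python
"""Derive a global retention schedule from the three rules quoted above.

Added example, not code from the article or the LongRec project. It applies
the rules as quoted from Jones et al.: (1) the U.S. period is the global
default; (2) a longer foreign minimum replaces it; (3) an excessively long
single-country requirement gets a country-specific "exception" policy instead.
Assumptions: a requirement is "excessive" when it runs from closure of
business (open-ended) or exceeds EXCEPTION_CAP_YEARS; the U.S. period for
accounting records and the rows not quoted in the text are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Requirement:
    country: str
    years: int                   # minimum retention in years
    from_closure: bool = False   # counted from closure of business: no fixed end date


@dataclass
class Resolution:
    record_type: str
    global_years: int
    global_source: str                                    # jurisdiction that set the default
    exceptions: dict[str, Requirement] = field(default_factory=dict)


EXCEPTION_CAP_YEARS = 15   # assumption: beyond this, rule 3 applies rather than rule 2


def is_excessive(req: Requirement) -> bool:
    return req.from_closure or req.years > EXCEPTION_CAP_YEARS


def resolve(record_type: str, us_years: int, foreign: list[Requirement]) -> Resolution:
    res = Resolution(record_type, us_years, "US")          # rule 1: U.S. period as default
    for req in foreign:
        if is_excessive(req):
            res.exceptions[req.country] = req             # rule 3: single-country exception
        elif req.years > res.global_years:
            res.global_years, res.global_source = req.years, req.country   # rule 2
        # otherwise the default already satisfies this country
    return res


# Constructed schedule. Tax (US 7, DE 10) and the Argentina / Puerto Rico
# accounting rules are the figures quoted in the text; "XX" is a placeholder
# country with an invented six-year rule, added to exercise rule 1.
SCHEDULE = {
    "tax records": (7, [Requirement("DE", 10)]),
    "accounting records": (7, [Requirement("AR", 10, from_closure=True),
                               Requirement("PR", 5, from_closure=True),
                               Requirement("XX", 6)]),
    "correspondence": (3, []),
}


def resolve_schedule() -> dict[str, Resolution]:
    return {name: resolve(name, us, foreign) for name, (us, foreign) in SCHEDULE.items()}


def describe(res: Resolution) -> str:
    """One line per record type: the global default and any exception policies."""
    exc = ", ".join(f"{c}: closure + {r.years}y" if r.from_closure else f"{c}: {r.years}y"
                    for c, r in sorted(res.exceptions.items()))
    line = f"{res.record_type}: {res.global_years}y (from {res.global_source})"
    return line + (f"; exceptions {exc}" if exc else "")


if __name__ == "__main__":
    for res in resolve_schedule().values():
        print(describe(res))
```

Open-ended requirements (“closure of business plus N years”) are never allowed to become the global default, because no fixed retention period can satisfy them for the whole group; they always surface as exceptions that the records manager has to decide on, which is the “reasoned decision” the quoted text asks for.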

The article by Jones et al. conveniently omits the problems caused by differing legal systems imposing radically conflicting obligations. Nowhere is this more apparent than with respect to privacy questions. To give but one example, in the U.S. organisations are relatively free to monitor their employees’ e-mail communications,12 whereas their European counterparts must take into account privacy laws. Data protection legislation is a recurring source of conflict for companies operating in the U.S. and in Europe, as was demonstrated recently in the SWIFT case.

Apart from the question of how long a record should be preserved, there are questions regarding the level of protection – or conversely access – to be given to records, who is the custodian responsible for the record,13 and how quickly a record must be produced.

5.3 Regulatory recordkeeping requirements

5.3.1 Public Sector

CH

The Swiss ISB (Informatikstrategieorgan Bund), which coordinates the implementation of e-Government on the federal, cantonal and municipal level, is developing the GEVER project, which stands for Geschäftsverwaltung (business administration).14 The aim is automating work processes throughout government agencies on all levels. Quite a number of regulations impact the creation, management and long term preservation of records by the government, as a study of the Swiss Federal Archives revealed.15 Another document lists the standards relevant to the GEVER project.16

11 JONES et al., The Information Management Journal 2008, op. cit. (as in n. ??), p. 36.
12 This liberty is taken for granted, see for instance PEGLAR, ROB, “Evidence management solutions for mitigating e-records risks”, The Information Management Journal, 2007, Nr. July/Aug.
13 FISCHER, The Information Management Journal Jan/Feb [2006], op. cit. (as in n. ??), p. 26.
14 http://www.isb.admin.ch/themen/architektur/00078/index.html?lang=de.
15 BUNDESARCHIV, SCHWEIZERISCHES (ed.), Rechtliche Aspekte elektronischer Geschäftsverwaltung, Bern, 2007, http://www.isb.admin.ch/themen/architektur/00078/00080/00212/index.html?lang=de\download=NHzLpZeg7t,.
16 EFD, EIDGENÖSSISCHES FINANZDEPARTEMENT (ed.), Vorgaben zu GEVER / Records Management, 2007, http://www.isb.admin.ch/themen/architektur/00078/00197/00214/index.html?lang=de\download=NHzLpZeg7t,.


SI

The Slovenian Protection of Documents and Archives and Archival Institutions Act (PDAAIA)17 contains provisions regarding the preservation of documents both in physical and electronic form. The law applies to the public and private sector.18

U.S.

FDA part 11 Electronic Records and signatures

In March of 1997, the FDA issued regulations determining under which circumstances electronic records and electronic signatures are accepted as trustworthy, reliable and equivalent to paper records and handwritten signatures executed on paper.19 The aim of these regulations was to make allowance for widespread use of electronic technology, in a way compatible with the FDA’s responsibility to protect the public health. Subsequently, the FDA published a compliance policy guide20 and issued numerous (draft) guidance documents covering such topics as validation of computer systems, time stamps, maintenance and copying of electronic records, as well as a glossary of terms.21 The FDA opted for a phased approach, progressively increasing the number of record types that may be submitted in electronic form.22 Additionally, entities seeking to submit records electronically must first consult with the intended receiving unit of the agency on all practical issues concerning electronic submission, i.e. method of transmission, media, file format and technical protocols.23 Records required to be maintained but not submitted could be kept in electronic form immediately from entry into force of the rules, provided that the requirements are met.24

Through extensive contact with the industry subject to FDA regulations, a number of concerns were raised regarding the regulation on electronic records and electronic signatures, notably with regard to the cost of compliance, the resulting restrictions on the use of technology and the discouragement of technical innovation. This has led the FDA to announce a complete re-examination of 21 CFR Part 11.25 This announcement was accompanied by the decision to withdraw the existing draft guides and the compliance policy guide. Though 21 CFR Part 11 remains in force, the FDA has decided to exercise discretion with regard to enforcement, as detailed in the final guidance document26 posted on their website on March 9th 2003. In particular, discretion will be exercised regarding validation, audit trail, record retention, and record copying requirements. All other provisions of 21 CFR Part 11, in particular those concerning controls for open and closed systems and requirements for electronic signatures, will be enforced as before.27

17 See http://www.arhiv.gov.si/en/archival_regulations_and_standards/ for an English translation of the act.
18 See HAJTNIK, DLM Forum Meeting, Ljubljana, 8-9 April 2008 (as in n. ??).
19 These rules were incorporated in the Code of Federal Regulations, Title 21 Food and drugs, Chapter I Food and drug administrations, department of health and human services, part 11 Electronic records; electronic signatures, Federal register, Vol. 62, Nr. 54, March 20, 1997, p. 13430 ff., (hereafter 21 CFR Part 11). See Section 11.1 of 21 CFR Part 11 for an outline of the scope of these rules.
20 Sec. 160.850: Enforcement Policy: 21 CFR Part 11 (CPG 7153.17), introduced 13/05/1999, revoked on 19/02/2003 (68 Fed. Reg. 8775).
21 Federal Register, Vol. 68, nr. 37, February 25, 2003, p. 8776.
22 Section 11.2(b)(1) of 21 CFR Part 11.
23 Section 11.2(b)(1) of 21 CFR Part 11.
24 Section 11.2(a) of 21 CFR Part 11.

The 21 CFR Part 11 rules require that procedures for electronic records management are established and followed to ensure that the authenticity, integrity and, where appropriate, the confidentiality of electronic records are guaranteed. Also, the signer must not be able to easily repudiate any signed record as not being genuine.28 The rules break down this general aim into a number of requirements, both of an organizational and of a technical nature. Each organisation is responsible for drawing up its own procedures and designing its systems to meet these requirements, as well as for keeping them up to date.

Procedures should describe29:

• How electronic records will be maintained;
  – Validation of systems to ensure accuracy, reliability, performance and integrity.30
  – Accessibility of accurate and complete copies in human readable and electronic form throughout the records retention period.31
  – Use of authority checks.32

• Storage conditions and precautions;
  – Use of secure, time-stamped audit trails documenting the life-cycle of each record.33
  – Use of operational system checks to enforce permitted sequencing of steps and events.34
  – Use of device checks to ensure source validation.35
  – Maintenance of systems documentation.36

• Retrieval and access restrictions;
  – Limiting system access to authorized individuals.37

• The technical approach to long term electronic record storage; and,

• Personnel responsibilities for relevant tasks.
  – Education and training of personnel.38
  – Accountability and responsibility of individuals for any actions initiated under their electronic signature in accordance with written policies.39

25 Federal Register, Vol. 68, nr. 37, February 25, 2003, p. 8775.
26 FDA, “Part 11, Electronic Records; Electronic Signatures – Scope and Application”, available at http://www.fda.gov/cder/guidance/5667fnl.htm; as announced in Federal Register, Vol. 68, nr. 37, February 25, 2003, p. 8776.
27 Federal Register, Vol. 68, nr. 37, February 25, 2003, p. 8776.
28 Section 11.10 of 21 CFR Part 11.
29 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Maintenance of Electronic Records, v. July 2002 (withdrawn), p. 7.
30 Section 11.10(a) of 21 CFR Part 11.
31 Section 11.10(b) and (c) of 21 CFR Part 11.
32 Section 11.10(g) of 21 CFR Part 11.
33 Section 11.10(e) of 21 CFR Part 11.
34 Section 11.10(f) of 21 CFR Part 11.

When open systems are used – meaning an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system – additional measures to ensure record authenticity, integrity and confidentiality may be necessary. The rules cite document encryption and digital signature techniques as examples.40

Factors that could potentially affect the reliability of electronic records during their records retention periods should be identified and controlled, otherwise the information that the electronic records should convey might not be complete, accurate, or usable41:

• Data encoding

• Metadata

• Media

• Hardware

• Software

• Viewers

Only electronic signature methods that provide strong authentication are acceptable for use in matters controlled by the FDA. Organizations must verify the individual’s identity before assigning that person an electronic signature or the means to create electronic signatures.42 The electronic signature method employed shall ensure that only the genuine owner can use it to generate signatures.43 Likewise, electronic signatures must be unique to an individual.44 For the purpose of legal certainty, organizations using electronic signatures must certify – on paper – to the FDA that they intend these signatures to be legally binding.45 Additional requirements apply to electronic signatures not based upon biometrics:46

• Signatures must be based on two distinct identification components, such as an identification code and a password;

• Attempted use of such signatures by anyone other than the owner shall require the collaboration of at least two people.

35 Section 11.10(h) of 21 CFR Part 11.
36 Section 11.10(k) of 21 CFR Part 11.
37 Section 11.10(d) of 21 CFR Part 11.
38 Section 11.10(i) of 21 CFR Part 11.
39 Section 11.10(j) of 21 CFR Part 11.
40 Section 11.30 of 21 CFR Part 11.
41 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Maintenance of Electronic Records, v. July 2002 (withdrawn), p. 8.
42 Section 11.100(b) of 21 CFR Part 11.

When identification code and password systems are in place, the organization must implement controls to ensure their security and integrity47:

• the combination of code and password must be unique;

• the security of the combinations must be checked periodically;

• loss management procedures must be in place;

• prevention measures against unauthorized use must be in place;

• testing procedures for devices that bear or generate identification code or password information.

The regulation specifies a number of requirements for ‘signature manifestations’. The printed name of the signer, the date and time of signature and the meaning of the signature (review, approval, responsibility or authorship) shall be associated with the signature and made visible as part of any human readable form of the electronic record, either on a computer display or on a printout.48 Also, electronic signatures must be linked to electronic records such that they cannot readily be excised, copied or transferred to create false electronic records.49

The draft guidance on maintenance of electronic records detailed an approach for migration of digitally signed records.50

A major element in the procedures to ensure authenticity and integrity of electronic records is the production of secure, computer-generated, time-stamped audit trails which independently record the date and time of operator entries and actions that create, modify, or delete electronic records.51 The accuracy of time-stamps was addressed further in the draft guidance on time-stamping.52

43 Section 11.200(a)(2) and (b) of 21 CFR Part 11.
44 Section 11.100(a) of 21 CFR Part 11.
45 Section 11.100(c) of 21 CFR Part 11.
46 Section 11.200(a)(1) and (3) of 21 CFR Part 11.
47 Section 11.300 of 21 CFR Part 11.
48 Section 11.50 of 21 CFR Part 11.
49 Section 11.50 of 21 CFR Part 11. See also the explanatory notes preceding the rules, Federal register, Vol. 62, Nr. 54, March 20, 1997, p. 13455 ff.
50 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures Maintenance of Electronic Records, v. July 2002 (withdrawn), p. 20 ff.
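The audit trail requirement of Section 11.10(e) and the signature-manifestation and linking requirements of Section 11.50 can be illustrated together. The following Python is an added example written for this review, not FDA guidance text and not a vendor's product: it hash-chains the audit entries so that an edited, dropped or reordered entry is detected on verification, and it binds each manifestation (printed name, date/time, meaning) to the record's identity and content so that a manifestation neither survives a later edit of the signed record nor validates when transferred to another record with identical content. An HMAC under a per-signer secret stands in for a real digital signature, and the record identifiers, operator names, signer key and clock values are constructed.

```python
"""Tamper-evident audit trail and record-bound signature manifestations.

Added example (not FDA text, not a vendor's product) for two Part 11 points
above: a secure, time-stamped audit trail of create/modify/delete actions, and
signature manifestations (printed name, date/time, meaning) bound to a record so
they neither survive a later edit nor transfer to another record. An HMAC keyed
with a per-signer secret stands in for a digital signature (assumption); the
clock is injected so that the demo is deterministic.
"""
from __future__ import annotations
import hashlib, hmac, json
from dataclasses import astuple, dataclass, replace

GENESIS = "0" * 64


def digest(obj) -> str:
    """SHA-256 over canonical JSON (sorted keys); digest(None) marks a deleted record."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


@dataclass
class AuditEntry:
    seq: int
    timestamp: str
    operator: str
    action: str           # create | modify | delete
    record_id: str
    content_hash: str     # record content after the action
    prev_hash: str        # hash of the previous entry: removing or reordering entries breaks the chain
    entry_hash: str = ""  # digest of the seven fields above


class RecordStore:
    def __init__(self, clock):
        self.clock = clock                      # callable returning an ISO-8601 string
        self.records: dict[str, dict] = {}
        self.trail: list[AuditEntry] = []

    def put(self, operator: str, record_id: str, content: dict | None) -> None:
        """Create, modify or (content None) delete a record and log the action."""
        action = "delete" if content is None else "modify" if record_id in self.records else "create"
        if content is None:
            del self.records[record_id]         # KeyError for an unknown record
        else:
            self.records[record_id] = content
        prev = self.trail[-1].entry_hash if self.trail else GENESIS
        e = AuditEntry(len(self.trail), self.clock(), operator, action,
                       record_id, digest(self.records.get(record_id)), prev)
        e.entry_hash = digest(astuple(e)[:-1])
        self.trail.append(e)

    def verify_trail(self) -> bool:
        # Recompute every hash; an edited, dropped or reordered entry yields False.
        prev = GENESIS
        for i, e in enumerate(self.trail):
            if e.seq != i or e.prev_hash != prev or e.entry_hash != digest(astuple(e)[:-1]):
                return False
            prev = e.entry_hash
        return True


@dataclass(frozen=True)
class Manifestation:
    record_id: str
    printed_name: str
    signed_at: str
    meaning: str          # review | approval | responsibility | authorship
    content_hash: str
    mac: str = ""

    def payload(self) -> bytes:   # everything the MAC covers, record identity included
        return json.dumps([self.record_id, self.printed_name, self.signed_at,
                           self.meaning, self.content_hash]).encode()


def sign(store: RecordStore, record_id: str, key: bytes, printed_name: str, meaning: str) -> Manifestation:
    m = Manifestation(record_id, printed_name, store.clock(), meaning, digest(store.records[record_id]))
    return replace(m, mac=hmac.new(key, m.payload(), hashlib.sha256).hexdigest())


def verify(store: RecordStore, m: Manifestation, key: bytes) -> bool:
    """False once the record is edited or deleted, or if the manifestation was moved to another record."""
    if digest(store.records.get(m.record_id)) != m.content_hash:
        return False
    return hmac.compare_digest(m.mac, hmac.new(key, m.payload(), hashlib.sha256).hexdigest())


def demo() -> tuple[bool, bool, bool, bool, bool]:
    ticks = iter(f"2008-09-01T10:00:{s:02d}Z" for s in range(60))   # constructed clock
    store = RecordStore(lambda: next(ticks))
    key = b"constructed-per-signer-secret"                        # one secret per signer (assumption)
    store.put("jdoe", "batch-42", {"lot": "A1", "result": "pass"})
    m = sign(store, "batch-42", key, "J. Doe", "approval")
    valid = verify(store, m, key)
    store.put("jdoe", "batch-42", {"lot": "A1", "result": "fail"})
    after_edit = verify(store, m, key)                            # edited after signing: rejected
    store.put("rroe", "batch-43", {"lot": "A1", "result": "pass"})
    moved = replace(m, record_id="batch-43", content_hash=digest(store.records["batch-43"]))
    transferred = verify(store, moved, key)                       # same content, other record: rejected
    chain_ok = store.verify_trail()
    store.trail[0].operator = "someone-else"                      # history edited outside the system
    return valid, after_edit, transferred, chain_ok, store.verify_trail()
```

`demo()` returns `(True, False, False, True, False)`: the fresh manifestation verifies, the same manifestation fails after the record is modified, a copy re-pointed at a second record with identical content fails because the record identity is part of what is signed, the untouched trail verifies, and the trail fails once an entry is altered behind the system's back. Two properties of the real regulation are not modelled here and would have to come from the deployment: the secret per signer must be issued only after the identity verification of Section 11.100(b), and the timestamp source must itself be trustworthy.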

Not only should procedures be developed to address all the above points, the computer systems used in the implementation of an electronic records and electronic signature system must also be valid­ated to ascertain whether the goals are met consistently. A draft guidance was issued on validation of computer systems, but later withdrawn.53 The draft guidance listed a number of key principles concerning systems validation. Establishing and documenting system requirements specifications is a necessary first step in validation, as this serves as the baseline for benchmarking. Through validation, evidence must be obtained that the computer system implements the requirements consistently. Thorough documentation of the validation process is of great importance in order for it to serve its purpose. Validation documentation should include a validation plan, validation procedures, and a validation report, and should identify who in management is responsible for approval of the plan, the procedures and the report.54 The FDA observes that objective self-evaluation is difficult, thus, where possible, and especially for higher risk applications, computer system validation should be performed by persons other than those responsible for building the system.55 Once a system is validated, change control is necessary to monitor if and when new validation actions are required.56

The draft guidance acknowledges that the internet may play a role in electronic recordkeeping, notably for the transfer of records. While validating the internet per se is not possible, the systems at either end ought to be validated.57

The FDA rules on electronic records and electronic signatures provide a useful overview of requirements to be met for the preservation of authentic and reliable records. Implementation is left up to the organizations themselves.

51 Section 11.10(e) of 21 CFR Part 11.
52 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures; Time Stamps. v. February 2002.
53 Federal Register, Vol. 68, nr. 37, February 25, 2003, p. 8776.
54 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures; Validation, v. August 2001, p. 6.
55 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures; Validation, v. August 2001, p. 10.
56 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures; Validation, v. August 2001, p. 10.
57 Draft Guidance for Industry 21 CFR Part 11; Electronic Records; Electronic Signatures; Validation, v. August 2001, p. 13 ff.

Further reading

• FDA part 11 http://www.fda.gov/ora/compliance_ref/part11/

• http://www.21cfrpart11.com/index.html

Government Paperwork Elimination Act

Under the Government Paperwork Elimination Act (GPEA), Pub. L. No. 105-277, 1701-1710 (1998) (codified as 44 U.S.C.A. 3504 n. (West Supp. 1999)), Federal Executive agencies are required to implement infrastructure to allow for electronic maintenance, submission, or disclosure of information as a substitute for paper whenever practicable, as well as for the use and acceptance of electronic signatures. Guidance to assist agencies in implementing GPEA’s requirements was developed by the Office of Management and Budget (OMB) in “Procedures and Guidance; Implementation of the Government Paperwork Elimination Act,” 65 FR 25508, May 2, 2000 (“OMB Guidance”). As part of the OMB Guidance, the Department of Justice issued practical guidance on legal considerations related to agency use of electronic filing and recordkeeping. It should be noted that the E-SIGN Act (“Electronic Records and Signatures in Global and National Commerce Act”)58 is of importance in this matter.59

The GPEA, like the E-SIGN Act, provides that electronic records and signatures shall not be denied legal effect because they are in electronic form. Thus, a statutory “writing” requirement does not necessarily imply that this writing must be on paper.60

“The shift away from paper-based records raises serious record collection, management and retention issues, some of which are familiar to the world of paper records and some of which are unique to electronic record retention and retrieval. On the other hand, electronic records can offer benefits, like easier search and retrieval, that may reduce some of the problems of paper-based records management. Thus, the objective of any conversion to electronic processes is to maximize the benefits that such systems can offer, while simultaneously minimizing any risks, including legal risks.”61

“A key question agencies face in converting to or adopting electronic processes is whether the system under consideration meets the applicable legal requirements and provides adequate evidence of its transactions and actions. In certain situations, an agency may determine that an electronic process is “good enough” to meet its legal needs without regard to whether it is comparable to or as good as its prior process. At the other extreme, some agencies may decide that electronic conversion will require a complete re-engineering of their business processes in order to address the legal risks and issues that a particular system presents or that are not being addressed as effectively in their existing system.”62

58 Pub.L. 106-229, §1, June 30, 2000, 114 Stat. 464, codified at 15 U.S.C. 7001-7006.
59 DOJ GPEA Guide, p. 1.
60 DOJ GPEA Guide, p. 13.
61 DOJ GPEA Guide, p. 2.

“To be able to protect the government’s interests in litigation, the Department of Justice needs available, reliable, and persuasive agency records: records that are complete, uniform, easily understood, easily accessible and have been kept under a system that ensures a chain of custody of submissions and information gathered from all sources. Those requirements will not disappear merely because the medium of transactions changes from paper to electronic.”63

As an agency identifies processes for conversion from paper to electronic, it should address the following issues:64

1. Will the electronically gathered and stored information be collected, retained, and accessible whenever needed?

2. Will the electronic collection, transmission, or storage of “documents” or information comply with applicable legal requirements, including, for example, laws requiring that certain records be maintained in a particular form or format?

3. Will electronic records be sufficiently reliable to be useful to Congress, agency decision-makers, private disputants, judges, juries, and others who must determine the facts underlying agency actions?

4. Will the agency’s use of electronic methods to obtain, send, disclose and store information comply with applicable laws, such as those governing recordkeeping, privacy, confidentiality, and accessibility?

Will the electronic process gather all necessary information, meaning content, context, transaction data and identification data?

Content

The content of the transaction must include all records that comprise the substance of the transaction or filing.65

62 DOJ GPEA Guide, p. 5.
63 DOJ GPEA Guide, p. 7.
64 DOJ GPEA Guide, p. 8.
65 This was the subject of debate in Public Citizen v. Carlin, 184 F.3d 900, 910 (D.C. Cir. 1999) (discussing preservation of content, structure, and context of federal records).

“When agencies collect information in paper form, additional information beyond that requested by the four corners of the form is frequently supplied. The document received by an agency might include additional attachments not necessarily required, and the agency might supplement the record with interlineations or notes. The physical composition of the document can attest to its completeness – for example, pages that were stapled together by the sender suggest that this was the document that was intended to be submitted to the agency. The agency’s electronic process should include safeguards so that an agency can establish all of the information that was submitted by the sender as a single electronic document.”66

Clearly, the distinction between final document and draft should be made,67 and in general some form of version control is necessary.

Contextual information

When forms are used, not just the answers given by respondents but also the questions in the form should be preserved.68 When information derives from electronic processes, sufficient documentation of the logic behind them and the guarantees in place to ensure reliability of their outcome should be available.69

The relationship between records must be preserved.70

Transaction data

Records that contain information about how the transaction was processed, including dates received and changes or modifications that were made in records, should be preserved.

“Agencies should also ensure that their electronic processing captures all relevant information, such as when and where the document was sent and received and whether the document was subsequently altered, and, if so, the source, date, and content of the alteration. Electronic systems can be designed to capture such information, including alterations or changes to a document. In the above example, if the agency’s electronic process reliably kept track of all alterations to the applications after receipt, it could prove that Baker’s application was not altered.”71

66 DOJ GPEA Guide, p. 10.
67 DOJ GPEA Guide, p. 37.
68 DOJ GPEA Guide, p. 21.
69 DOJ GPEA Guide, p. 22 and 36.
70 DOJ GPEA Guide, p. 37.
71 DOJ GPEA Guide, p. 10.

The date and time that the communication or transaction was sent or initiated should be recorded,72 as well as the fact that the communication or transmission actually was received, by whom it was received, and the date and time it was received.73

Identification

A means to authenticate the identity of all people who participated in the transaction, both inside and outside the agency, as well as the scope of each person’s participation, should be included.

“Often it is crucial to be able to prove who (i.e., a specific individual) submitted a communication or agreed to a transaction with an agency. Paper documents generally accomplish this fairly well, most commonly by containing a handwritten signature that can be matched with a specific person, a letterhead or return address on the document or envelope, and so on. Some transactions are so important that agencies require a personal appearance before some designated official in order to establish identity, e.g., having a notary endorse or certify the signature.

Agencies should consider whether, in appropriate circumstances, a proposed electronic process will gather information sufficient to identify the person who submitted a communication or agreed to a transaction. For important transactions, particularly those that require proof of an individual’s identity, or that he or she is creating a legally binding obligation, an agency may wish to require those individuals to employ some form of electronic signature. In the above example, the use of a digital signature could provide the agency a reliable means of identifying the name, position, and location of the specific individual who submitted the document, and thus, it would be difficult for Company to deny that one of its employees filed the application.”74

Intention

For appropriate transactions, a means for establishing the intent of the participants to enter into the transaction or agreement should be provided.

“Enforcement of an agency’s rights often depends upon being able to prove what was intended by a communication. Did the parties intend a transmission of information to be a draft of a possible contract or a final, legally binding contract? Did an individual who transmitted information to the agency intend it to be a formal report which, if false, could result in his criminal prosecution? Paper-based transactions and communications typically answer such questions in a number of ways, for example, by whether a document “looks” like a contract or just an informal letter, whether it contains a handwritten signature, or whether it contains a warning that it is submitted under “penalty of perjury.” Similar methods can be used in the electronic world.”75

72 DOJ GPEA Guide, p. 34.
73 DOJ GPEA Guide, p. 36.
74 DOJ GPEA Guide, p. 10 ff and 34 ff.

Will the information be retained?

Agencies should determine which information should be retained and for what period of time, as well as which information may be discarded soon after receipt.76

“Electronic systems should be designed and maintained to guard against data corruption, whether through accidental deletion, equipment failures, storage media deterioration over time, stray electromagnetic forces, or myriad other hardware and software problems. Such systems should also be designed to limit access to authorized users – for example, by requiring controlled password identification for access to certain information. Finally, an electronic system should be designed to ensure proper file retention and tracing of alterations and updates (as to source, date, and content, and all other internal controls that are required to produce a secure and reliable record maintenance and retention system).”77

“Electronic data are frequently transferred or converted from one storage medium or software system to another. In this process (sometimes referred to as “data migration”), important information, such as formatting and the structure and content of electronic forms, may be lost, or even the record itself destroyed unless appropriate steps are taken. Similarly, unless such changes are thoroughly documented, it can be difficult to demonstrate that the critical information was not changed in the process. In transition between systems, agencies sometimes maintain multiple, overlapping systems, particularly in the transition from paper to electronic based systems. Because information from all systems may be required to be maintained under the Federal Records Act78 and may be needed for various purposes, agencies should address retention issues for all systems, even overlapping ones.”79

75 DOJ GPEA Guide, p. 11. See also p. 36.
76 DOJ GPEA Guide, p. 11.
77 DOJ GPEA Guide, p. 11 ff.
78 44 U.S.C. §§ 2101-2118, 2901-2910, 3101-3107, and 3301-3324.
79 DOJ GPEA Guide, p. 12.

Not only must information be retained, it must be preserved under conditions that guarantee its integrity to a sufficient degree. Otherwise, the agency, judges or citizens may be unwilling to rely on the records concerned in the course of their activities.80 This is of great importance to ensure the admissibility of the records as evidence, which depends on the evidence being shown to be authentic and to conform with the ’best evidence’ rule.81

Will the information continue to be accessible?

“Unlike paper files which, when properly organized and maintained in the ordinary course of business, are readily available and usable without any special equipment, electronic information is not always accessible without special equipment and software. Agencies should consider several factors related to the accessibility of electronic records. First, computer technology is rapidly changing and software and formatting standards may quickly become obsolete. Computer-stored data may become useless unless the agency can provide the continued capability with the older technologies or can accurately translate the document as more modern systems are implemented. Second, if in the future, an agency no longer has staff who are familiar and competent to work with the electronic processes necessary to read older data, such data could be functionally unavailable.82 Electronic files might be stored while encrypted by software or protected by passwords no longer available or remembered years later, unless steps are taken to preserve the software or passwords. As noted above, these concerns are no less serious if the information is held by an outside party.”83

For some specific guidance, see DOJ GPEA Guide, p. 40 ff.

What are the legal requirements?

Legal requirements generally pertain to creation84, use, storage and disclosure.85

Does the electronic record constitute a ’writing’ in situations where the law requires it?

The functional purposes of a writing must be attained by the electronic documents, meaning that they provide a documentary recording of a transaction in a manner that establishes and memorializes the terms.86 In some instances, electronic information resembles an oral conversation more than a formal agreement, e.g. chat conversations. Although such electronic conversations may be recorded and retained, judges may very well be reluctant to accord them the status and legal effect of a ’writing’. “To the extent that the electronic process clearly records the terms of agreements and is adequate to show that the parties intended to make those agreements – that is, they serve the purposes that the law has required and relied on paper to serve – it is more likely that they will be accepted by the courts.”87

80 DOJ GPEA Guide, p. 21 and 36 ff. The DOJ GPEA Guide uses the term ’perceived reliability’ in this context.
81 DOJ GPEA Guide, p. 22 ?.
82 See Jeff Rothenberg, Ensuring the Longevity of Digital Documents, Scientific American, January 1995, at 42-47.
83 DOJ GPEA Guide, p. 12.
84 Notably, records retention obligations and requirements of form impact creation of electronic records.
85 For a list of examples of these requirements, see: DOJ GPEA Guide, p. 23 ff.
86 DOJ GPEA Guide, p. 13.

5.3.2 Private sector

Recordkeeping in the private sector serves roughly three purposes:

• Compliance with legal requirements to maintain and preserve records

• Contractual obligations to maintain and preserve records

• Interest of the organisation in maintaining records as assets, i.e. for evidence purposes or for the purpose of retaining a memory of previous activities.

INT

The Basel II Accord modifies the Basel I Accord on credit risk and extends it to address related issues.

Like Basel I, the accord determines rules on minimum capital requirements for financial institutions (first pillar of Basel II), though it no longer limits its view to credit risk alone. Basel II also takes into account operational and market risks.

Operational risk encompasses the risk of loss due to operational issues (bad management decisions, fraud, incorrect administration, . . . ). Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. This definition includes legal risk, but excludes strategic and reputational risk.

Market risk is the risk of loss due to a decrease in the value of investments (e.g. stocks and bonds) held by the financial institution.

The second pillar of Basel II addresses the implementation of a risk management strategy by financial institutions throughout their activities. The aim is to encourage banks to develop and use better risk management techniques in monitoring and managing their risks.88

87 DOJ GPEA Guide, p. 15, in particular footnote 19.
88 Basel II, p. 204.

For risk management to be effective, a certain level of control over internal information and reporting must be ensured. The accuracy and completeness of data inputs into the bank’s risk assessment process must be assured.89

The third pillar promotes transparency by providing disclosure requirements, i.e. regarding the methodology for and results of risk calculations by financial institutions.

Further reading

• Bank for international settlements http://www.bis.org

• Basel II http://www.bis.org/publ/bcbsca.htm

EU

EU Directive on Statutory Audit

On July 7th 2006 the “8th EU Directive on Statutory Audit” was issued, replacing the EU 8th Company Law Directive of 1984. This directive must be transposed by the Member States by July 2008. The revision was first proposed in the Green Paper on Financial Services Policy (2005-2010).90

This directive is the European counterpart of the U.S. Sarbanes-Oxley Act, which is why it is often referred to as Euro-SOX. According to analysts, the directive is less far-reaching than its U.S. counterpart. While Sarbanes-Oxley is based on rules, EuroSox is based on principles. EuroSox follows a ‘comply or explain’ approach to compliance demands.

The revision revolves around four key issues91:

1. establishing that board members are collectively responsible for financial statements and key non-financial information;

2. making unlisted companies’ transactions with related parties more transparent;

3. ensuring that all companies provide full information about off-balance-sheet arrangements, including special-purpose vehicles which may be located offshore;

4. making listed companies issue an annual “corporate governance statement”.

Revisions were made to the following directives:

• 4th directive 78/660/EEC – Annual Accounts of specific types of companies

• 7th directive 83/349/EEC – Consolidated accounts

• 8th directive 84/253/EEC – Auditor and audit committee requirements

In short, the requirements revolve around

• Effective corporate governance, internal controls and risk management

• Safeguarding shareholders’ investments

• Increased disclosure requirements

• Establishing audit committees

• Improved corporate governance.

These directives address a need for more reliable financial reporting, which is only one element in the larger frame of overall compliance with regulations.

89 Basel II, p. 209, nr. 745.
90 http://ec.europa.eu/internal_market/finances/docs/actionplan/index/green_en.pdf.
91 Commission press release IP/04/1318 and MEMO/04/246, October 28, 2004.

US

Sarbanes-Oxley Act

Much like the FDA Part 11 rules, the Sarbanes-Oxley Act – also known as the Public Company Accounting Reform and Investor Protection Act of 200292 and commonly called SOx – calls for (amongst other measures) internal controls over especially important company records, in this case records contributing to accurate financial reporting.

Key provisions of the act relating to records management are sections 302, 404 and 802.93

Section 302 of the SOx Act94 requires that internal procedures be implemented to ensure accurate financial disclosure. The signing officers must certify that they are

• “responsible for establishing and maintaining internal controls”

• “have designed such internal controls to ensure that material information relating to the company and its consolidated subsidiaries is made known to such officers by others within those entities, particularly during the period in which the periodic reports are being prepared.”

• “have evaluated the effectiveness of the company’s internal controls as of a date within 90 days prior to the report”

• “have presented in the report their conclusions about the effectiveness of their internal controls based on their evaluation as of that date.”

92 Pub.L. 107-204, 116 Stat. 745, enacted 30 July 2002.
93 NEARON, BRUCE H. et al., “Life after Sarbanes-Oxley: The merger of information security and accountability”, Jurimetrics, 45 2005, p. 380.
94 Codified in 15 USC § 7241(a)(4).

The SEC issued rules in 17 CFR §§240.13a-14 and 15d-15 pursuant to this provision.

Section 404 of the SOx Act95 requires management and the external auditor to report on the adequacy of the company’s internal control over financial reporting.

More specific legal obligations pursuant to this section have been issued by the SEC in “Final Rule: Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports”.96

Furthermore, management can refer to the guidance on internal control reporting issued by the SEC in “Commission Guidance Regarding Management’s Report on Internal Control Over Financial Reporting Under Section 13(a) or 15(d) of the Securities Exchange Act of 1934”.97

External auditors may find guidance in Auditing Standard No. 5 of the Public Company Accounting Oversight Board (PCAOB).98

Though quite some regulatory texts have resulted from the SOx Act, critics find that the requirements remain all too vague.99

Section 802100 provides that “Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.” Additionally, external auditors are required to retain corporate audit records for 5 years.101

Compliance with these provisions logically requires that an appropriate records management policy is in place.102

95 Codified in 15 USC § 7262.
96 Release No. 33-8238 (June 5, 2003), available at http://www.sec.gov/rules/final/33-8238.htm.
97 Release No. 33-8810 (June 20, 2007), available at http://www.sec.gov/rules/interp/2007/33-8810.pdf.
98 http://www.pcaob.org/Rules/Docket_021/2007-06-12_Release_No_2007-005A.pdf.
99 MONTANA, JOHN, “The Sarbanes-Oxley Act: Five Years Later”, The Information Management Journal, 2007, Nr. Nov/Dec, p. 48.
100 Codified in 18 USC §1519.
101 See 18 USC §1520.
102 Nearon et al. use the term ’Information Security Regime’, which encompasses records management since “[information] provides the records and forensic histories for management, audit, compliance, records retention, and other functions”, NEARON et al., Jurimetrics 45 [2005], op. cit. (as in n. ??) p. 381 and 382.

This follows directly from the definition of ’internal control’ given by the SEC in its final rules103:

• 17 CFR §240.13a-15(f): The term internal control over financial reporting is defined as a process designed by, or under the supervision of, the issuer’s principal executive and principal financial officers, or persons performing similar functions, and effected by the issuer’s board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:

1. Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the issuer;

2. Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the issuer are being made only in accordance with authorizations of management and directors of the issuer; and

3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the issuer’s assets that could have a material effect on the financial statements.

In their article, Nearon et al. introduce a set of specific terms, in particular ’data-generating events’ and ’source data’.

Though the definition they give of ’data-generating event’ does not correspond entirely with that of a ’record’, the concerns they raise with respect to DGEs apply to records. The main concerns are tampering with the time and date of records, as well as tampering with the contents.104 A records management system must ensure integrity, confidentiality (as appropriate) and availability (readability).105 A valid point raised by Nearon et al. is that the (human-readable) views generated on the basis of electronically stored data must be reliable as well. Indeed, there is little point in securely storing records if the software used to serve them to the user can be manipulated to show something different.106
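The two concerns above, capturing the source, date and content of every alteration after receipt (the DOJ GPEA Guide passage on transaction data) and protecting the time, date and contents of records, and the views built on them, from tampering (Nearon et al.), can be met with one mechanism: an append-only, hash-chained alteration trail that the viewing software verifies before it renders anything. The Python below is an added illustration, not code from the LongRec report, the DOJ GPEA Guide or Nearon et al.; the record identifier, user names, timestamps and record contents are constructed sample values, and the trusted clock and authenticated user identity are assumed to be supplied by the surrounding system.

```python
"""Tamper-evident alteration trail for an electronic record (added example)."""
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional


def _digest(payload: dict) -> str:
    """SHA-256 over canonical JSON, so the same fields always hash identically."""
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


@dataclass
class Alteration:
    """One logged change: who, when, what (by hash), linked to the previous entry."""
    seq: int
    source: str        # authenticated identity of whoever made the change (assumed given)
    timestamp: str     # ISO 8601 UTC from a trusted clock, never from the client
    content_hash: str  # SHA-256 of the record content after this change
    prev_hash: str     # entry_hash of the preceding entry ("" for the first)
    entry_hash: str = ""

    def recompute(self) -> str:
        return _digest({"seq": self.seq, "source": self.source,
                        "timestamp": self.timestamp,
                        "content_hash": self.content_hash,
                        "prev_hash": self.prev_hash})


class RecordTrail:
    """A record plus the hash-chained history of its alterations after receipt."""

    def __init__(self, record_id: str, content: bytes, source: str, timestamp: str):
        self.record_id = record_id
        self.content = content
        self.entries: List[Alteration] = []
        self._append(content, source, timestamp)  # receipt is the first entry

    def _append(self, content: bytes, source: str, timestamp: str) -> None:
        prev = self.entries[-1].entry_hash if self.entries else ""
        entry = Alteration(seq=len(self.entries), source=source, timestamp=timestamp,
                           content_hash=hashlib.sha256(content).hexdigest(),
                           prev_hash=prev)
        entry.entry_hash = entry.recompute()
        self.entries.append(entry)
        self.content = content

    def alter(self, new_content: bytes, source: str, timestamp: str) -> None:
        """Record a change; each content version is bound by hash to its entry."""
        self._append(new_content, source, timestamp)

    def verify(self) -> Optional[str]:
        """None if the trail is intact, otherwise a description of the first defect."""
        prev = ""
        for i, e in enumerate(self.entries):
            if e.seq != i:
                return f"entry {i}: sequence number mismatch"
            if e.prev_hash != prev:
                return f"entry {i}: broken chain link"
            if e.entry_hash != e.recompute():
                return f"entry {i}: entry fields were modified after logging"
            prev = e.entry_hash
        if hashlib.sha256(self.content).hexdigest() != self.entries[-1].content_hash:
            return "current content does not match the last logged alteration"
        return None

    def render(self) -> str:
        """Human-readable view that refuses to display a record whose trail fails."""
        defect = self.verify()
        if defect is not None:
            raise ValueError(f"refusing to render {self.record_id}: {defect}")
        history = "; ".join(f"{e.timestamp} by {e.source}" for e in self.entries)
        return f"{self.record_id}: {self.content.decode()} [history: {history}]"


def demo() -> dict:
    """Constructed sample: an application filed by 'Baker', annotated once by a clerk."""
    trail = RecordTrail("APP-0001", b"Applicant: Baker; Amount: 100",
                        source="baker@example.com", timestamp="2008-09-01T10:00:00Z")
    trail.alter(b"Applicant: Baker; Amount: 100; Status: received",
                source="clerk17", timestamp="2008-09-02T08:30:00Z")
    intact = trail.verify()   # None: every link checks out
    view = trail.render()     # the view is produced only after the chain verifies

    # Integrity check in action: back-date the clerk's entry and re-verify.
    trail.entries[1].timestamp = "2008-08-31T08:30:00Z"
    return {"intact": intact, "view": view, "after_backdating": trail.verify()}
```

Each entry commits to the previous one, so altering a logged date, source or content hash after the fact breaks the chain at that entry, and the view layer refuses to display the record rather than show something the trail does not support. In a real system the trail would be written to append-only storage and its head hash periodically anchored elsewhere (a signed log or a time-stamping service), since a writer who can rewrite the whole chain can also rebuild it.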

The annually required report on the company’s internal control over financial reporting must

include a statement “identifying the framework used by management to evaluate the effective-103 “Final Rule: Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure

in Exchange Act Periodic Reports”, Release No. 33-8238 (June 5, 2003), available at http://www.sec.gov/rules/final/33-8238.htm.

104 NEARON et al., Jurimetrics 45 [2005], op. cit. (as in n. ??) p. 390 and 394.105 NEARON et al., Jurimetrics 45 [2005], op. cit. (as in n. ??) p. 394.106 NEARON et al., Jurimetrics 45 [2005], op. cit. (as in n. ??), p. 387 ff.

122

Page 125: Compliance Work Packageresearch.dnv.com/LongRec/Intranet/ResearchResults/StateOfTheArt/... · A link to the copyright policy serves to show how the records ought to be treated throughout

LongRec Compliance State-of-the-Art

ness of the company’s internal control over financial reporting.”107 The framework used must

be “a suitable, recognized control framework that is established by a body or group that has

followed due-process procedures, including the broad distribution of the framework for public

comment.”108 The SEC acknowledges that there are many different ways to conduct an evalua-

tion of the effectiveness of internal control over financial reporting, to aid companies is selecting

a method it has issued an interpretive guidance document.109

The only industry standard explicitly mentioned is COSO110 Internal Control – Integrated Frame-

work111, wich offers very little specific guidance on information security.112

The IT Governance Institute has explored the significance of SOx with respect to information

technology.113 Records management is not addressed in any significant detail by this report.

In the U.S. the rules regarding discovery pose particular requirements for preservation of docu-

ments. The impact of these rules is on electronic records management is the source of numerous

disputes.

The Sedona Conference Institute114 has a working group on Electronic Document Retention and

Production 115, which has published The Sedona Principles and The Sedona Guidelines on this

topic.

The Sedona Guidelines state that:

1. An organization should have reasonable policies and procedures for managing its information and records.

2. An organization’s information and records management policies and procedures should be realistic, practical, and tailored to the circumstances of the organization.

3. An organization need not retain all electronic information ever generated or received.

4. An organization adopting an information and records management policy should also develop procedures that address the creation, identification, retention, retrieval, and ultimate disposition or destruction of information and records.

5. An organization’s policies and procedures must mandate the suspension of ordinary destruction practices and procedures as necessary to comply with the preservation obligations related to actual and reasonably anticipated litigation, government investigation, or audit.

107 Final Rule: Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Release No. 33-8238 (June 5, 2003), available at http://www.sec.gov/rules/final/33-8238.htm.

108 17 CFR §240.13a-15 and 15d-15 (c).

109 Release No. 34-55929.

110 Committee of Sponsoring Organizations of the Treadway Commission, http://www.coso.org.

111 See the background information in the Final Rule: Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Release No. 33-823.

112 NEARON et al., Jurimetrics 45 [2005], op. cit. (as in n. ??), p. 409 ff.

113 IT Governance Institute, IT Control Objectives for Sarbanes-Oxley, 2004, 34 p.

114 http://www.thesedonaconference.org/.

115 http://www.thesedonaconference.org/wgs.

Further reading

• Sedona Conference Institute http://www.thesedonaconference.org/

• MASON, STEPHEN, “Authentic Digital Records: Laying the Foundation for Evidence”, The Information Management Journal, 2007, Nr. Sept/Oct

• JONES, THOMAS M. et al., “Going global. Mapping an international records retention strategy.”, The Information Management Journal, 2008, Nr. May/June

Bibliography

Agnoloni, Tommaso, Francesconi, Enrico and Spinosa, Pierluigi, “xmLegesEditor: an Open-Source Visual XML Editor for supporting Legal National Standards”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art17.pdf, 239–251.

Ahmad, A., “The Forensic Chain of Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures”, In X. (ed.), Proceedings of the 6th Pacific Asia Conference on Information Systems, 2002, http://www.dis.unimelb.edu.au/staff/atif/AhmadPACIS.pdf, 5 p.

Aiken, Peter et al., Measuring Data Management Practice Maturity: A Community’s Self-Assessment, 2007, http://doi.ieeecomputersociety.org/10.1109/MC.2007.139.

Ajani, Gianmaria et al., “Multilingual Conceptual Dictionaries Based on Ontologies”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art12.pdf, 161–172.

Anderson, Anne, A Comparison of Two Privacy Policy Languages: EPAL and XACML, Sun Microsystems Laboratories, 2005, http://research.sun.com/techrep/2005/smli_tr-2005-147/TRCompareEPALandXACML.html, Technical Report.

Bearman, David et al., “A common model to support interoperable metadata”, D-Lib Magazine, Vol. 5 1999, Nr. 1, http://www.dlib.org/dlib/january99/bearman/01bearman.html.

Becker, Arnd, Elektronische Dokumente als Beweismittel im Zivilprozess, Frankfurt, Peter Lang, 2004.

Berger, Christian, “Beweisführung mit elektronischen Dokumenten”, NJW, 2005, Nr. 15, 1016–1020.

Biagioli, C. et al., “The NIR Project: standards and tools for the Italian legislative environment”, Berlin, 2004, http://www.jurix.nl/index.php?option=com_docman&task=docclick&Itemid=27&bid=14&limitstart=0&limit=10, Presentation.

Biagioli, Carlo, “How to link (external) models or interpretations of the meaning of sources of law to the original sources”, Leiden, 2007, http://www.lri.jur.uva.nl/~winkels/PP-Jurix-2007.pdf.

Biagioli, Carlo et al., “Law Making Environment. Perspectives”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art19.pdf, 267–281.

Binazzi, Simona et al., “ITLaw: An Advanced Documentation System in Legal Informatics”, The Journal of Information, Law and Technology, 1999, Nr. 1, http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1999_1/idg/binazzi/.

Blarkom, G.W. van, Borking, J.J. and Olk, J.G.E., Handbook of Privacy and Privacy-Enhancing Technologies, The case of Intelligent Software Agents, The Hague, College bescherming persoonsgegevens, 2003, http://www.andrewpatrick.ca/pisa/handbook/Handbook_Privacy_and_PET_final.pdf.

Boer, Alexander, “Using event descriptions for metadata about legal documents”, In Winkels, Radboud and Francesconi, Enrico (ed.), Electronic Proceedings of the Workshop on Standards for Legislative XML, 2007, http://www.leibnizcenter.org/~winkels/events.pdf, in conjunction with Jurix 2007.

Boer, Alexander, Hoekstra, Rinke and Winkels, Radboud, “Metalex: Legislation in XML”, In Bench-Capon, Trevor, Daskalopulu, Aspassia and Winkels, Radboud (ed.), Legal Knowledge and Information Systems: JURIX 2002, IOS Press, 2002, http://www.jurix.nl/pdf/j02-01.pdf.

Borking, J.J., “The status of Privacy Enhancing Technologies”, In Nardelli, E., Posadziejewski, S. and Talamo, M. (ed.), Certification and Security in E-Services, From E-Government to E-Business, Boston, Kluwer, 2003, 211–246.

Borking, J.J. et al., Methodology of Privacy Threat Analysis, The Hague, EU PISA project IST-2000-26038, 2001, Deliverable 7 of WP 2.

Borking, John, “Privacy Rules, A Steeple Chase For Systems Architects”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, 17 p.

Broucek, Vlasti and Turner, Paul, “Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research”, Journal in Computer Virology, Vol. 2 2006, Nr. 1, 3–12.

Broucek, Vlasti, Turner, Paul and Frings, Sandra, Music piracy, universities and the Australian Federal Court: Issues for forensic computing specialists, 2005, 21, http://dx.doi.org/10.1016/j.clsr.2005.01.014, 30–37.

Bundesarchiv, Schweizerisches (ed.), Rechtliche Aspekte elektronischer Geschäftsverwaltung, Bern, 2007, http://www.isb.admin.ch/themen/architektur/00078/00080/00212/index.html?lang=de&download=NHzLpZeg7t,, 17 p.

Casanovas, Pompeu et al. (ed.), Stanford, CA, USA, Stanford University, 2007, http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-321/.

Casassa Mont, Marco, “Dealing with Privacy Obligations: Important Aspects and Technical Approaches”, In Katsikas, Sokratis K., Lopez, Javier and Pernul, Günther (ed.), Trust and Privacy in Digital Business, Volume 3184, Lecture Notes in Computer Science, Springer, 2004, http://dx.doi.org/10.1007/b99832, 120–131.

Casassa Mont, Marco, A System to Handle Privacy Obligations in Enterprises, HP, 2005, HP Technical Report, http://www.hpl.hp.com/techreports/2005/HPL-2005-180.html, 104 p, HPL-2005-1.

Casassa Mont, Marco, On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices, In X. (ed.), Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, 4 p.

Cevenini, Claudia et al., “Development of the ALIS IP Ontology: Merging Legal and Technical Perspectives”, In X. (ed.), Computer-Aided Innovation (CAI), IFIP International Federation for Information Processing, Boston, Springer, 2008, http://dx.doi.org/10.1007/978-0-387-09697-1_14, 169–180.

Committee, PREMIS Editorial, PREMIS Data Dictionary for Preservation Metadata, PREMIS, 2008, http://www.loc.gov/standards/premis/, 217 p.

Coyle, Karen, “Descriptive metadata for copyright status”, First Monday, 10 2005, Nr. 10, http://www.firstmonday.org/issues/issue10_10/coyle/index.html.

Coyle, Karen, Rights in the PREMIS Data Model, Washington D.C., U.S.A., Library of Congress, 2006, http://www.loc.gov/standards/premis/Rights-in-the-PREMIS-Data-Model.pdf, 32 p.

CTOSE Consortium, CTOSE Project Results, 2003, http://web.archive.org/web/*hh_/www.ctose.org/ResultsPaperv6.pdf.

de Oliveira Lima, João Alberto, “An Adaptation of the FRBR Model to Legal Norms”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art4.pdf, 53–65.

Dekeyser, Hannelore and Lipinski, Tomas, “Digital Archiving and Copyright Law: A Comparative Analysis”, International Journal of Communication Law and Policy, 12 2008, 179–224, http://www.ijclp.net/12_2008/pdf/dekeyserlipinski.pdf.

Dekkers, Makx and Weibel, Stuart, “State of the Dublin Core Metadata Initiative”, D-Lib Magazine, Vol. 9 2003, Nr. 4, http://dlib.org/dlib/april03/weibel/04weibel.html.

Delgado, Jaime et al., “IPROnto - Intellectual Property Rights Ontology”, ISWC, 2002, http://dmag.upf.edu/ontologies/ipronto/ISWCPoster.pdf, Poster.

Delgado, Jaime et al., “IPROnto: An Ontology for Digital Rights Management”, In Bourcier, D. (ed.), Legal Knowledge and Information Systems, Jurix 2003, Amsterdam, IOS Press, 2003, http://www.jurix.nl/, 111–120.

Dinant, Jean-Marc, “The long way from electronic traces to electronic evidence”, International Review of Law, Computers & Technology, Vol. 18 2004, 173–183.

EFD, Eidgenössisches Finanzdepartement (ed.), Vorgaben zu GEVER / Records Management, 2007, http://www.isb.admin.ch/themen/architektur/00078/00197/00214/index.html?lang=de&download=NHzLpZeg7t,, 4 p.

ENFSI (ed.), Guidelines for Best Practice in the Forensic Examination of Digital Technology, ENFSI, 2006, http://www.enfsi.eu/uploads/files/ENFSI_Forensic_IT_Best_Practice_GUIDE_5%5B1%5D.0.pdf, 28 p, Version 5.

Europe, RAND (ed.), Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries – Study for the European Commission, Directorate-General Information Society, 2002, 287 p.

Fellbaum, Christiane, WordNet: An electronic lexical database, Cambridge, Mass., MIT Press, 1998, 305 p.

Finke, Nicholas D., “TEI Extensions for Legal Text”, In X. (ed.), Proceedings of the Text Encoding Initiative Tenth Anniversary User Conference, 1997, http://xml.coverpages.org/finkeTEI10.html.

Fischer, Laurie, “Condition critical: developing records retention schedules”, The Information Management Journal, Jan/Feb 2006, 26.

Francesconi, Enrico, “The "Norme in Rete" project: Standards and tools for Italian legislation”, International Journal of Legal Information, Vol. 34 2006, Nr. 2, 358–376, http://www.xmleges.org/ita/images/stories/francesconiijli06.pdf.

Franks, Pat and Kunde, Nancy, “Why metadata matters”, The Information Management Journal, Sept/Oct 2006, 55–61.

Frings, S. et al., “Cyber Crime Advisory Tool - C*CAT: a holistic approach to electronic evidence processing”, Proceedings of the 10th International Conference on Human-Computer Interaction, 3 2003, 704–708.

García, Roberto, A Semantic Web Approach to Digital Rights Management, Barcelona, Spain, Department of Technologies, Universitat Pompeu Fabra, 2005, http://rhizomik.net/~roberto/thesis/, 286 p.

García, Roberto, Gil, Rosa and Delgado, Jaime, “Intellectual Property Rights Management using a Semantic Web Information System”, In X. (ed.), OTM Confederated International Conferences, CoopIS, DOA, and ODBASE 2004, Lecture Notes in Computer Science, Berlin, Springer, 2004, 3291, 689–704.

García, Roberto, Gil, Rosa and Delgado, Jaime, “A web ontologies framework for digital rights management”, Artificial Intelligence and Law, Vol. 15 2007, Nr. 2, 137–154, http://dx.doi.org/10.1007/s10506-007-9032-6.

Gasser, Urs and Haeusermann, Daniel M., “E-Compliance: Konzept, Merkmale, Aufgaben und organisatorische Auswirkungen”, In X. (ed.), Internet-Recht und Electronic Commerce Law: 9. Tagungsband, Bern, Stämpfli, 2006, 71–100.

Gasser, Urs and Haeusermann, Daniel M., E-Compliance: Towards a Roadmap for Effective Risk Management, Harvard, The Berkman Center for Internet & Society, 2007, http://ssrn.com/abstract=971848, 24 p.

Giblin, C. et al., “Regulations Expressed as Logical Models (REALM)”, In Moens, Marie-Francine and Spyns, Peter (ed.), Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems, Brussels, Jurix, 2005, 37–48.

Gounaris, Anastasios and Theodoulidis, Babis, “Data Base Management Systems (DBMSs): Meeting the requirements of the EU data protection legislation”, International Journal of Information Management, 23 2003, Nr. 3, 185–199, http://dx.doi.org/10.1016/S0268-4012(03)00023-9.

Governatori, Guido and Rotolo, Antonino, “Modelling Contracts Using RuleML”, In Gordon, T. (ed.), Legal Knowledge and Information Systems, Jurix 2004, Amsterdam, IOS Press, 2004, http://www.jurix.nl/pdf/j04-16.pdf, 141–150.

Grandi, Fabio, Mandreoli, Federica and Tiberio, Paolo, “Temporal modelling and management of normative documents in XML format”, Data & Knowledge Engineering, vol. 54 2005, Nr. 3, 327–354, http://dx.doi.org/10.1016/j.datak.2004.11.002.

Group, Rights Data Management (ed.), CopyrightMD User Guidelines, Version 0.9, California Digital Library, 2006, http://www.cdlib.org/inside/projects/rights/schema/copyrightMD_user_guidelines.pdf, 19 p.

Gunter, Carl A., “Ensuring Privacy Conformance in Inter-Domain Systems”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, 5 p.

Hajtnik, Tatjana, “Maintaining legal value of a record throughout their lifecycle”, DLM Forum Meeting, Ljubljana, 8-9 April 2008, 2008, http://dlmforum.typepad.com/Slovenia_Hajtnik.pdf, Presentation.

Hatter, Clyde, “Standard Models for Legislation - The Cost of Compliance”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art16.pdf, 225–237.

Hietanen, Aki, “Networking European Legal Sites: Experiences and Challenges”, In X. (ed.), Proceedings of the Law via the Internet Conference, Paris, 2004, http://www.frlii.org/IMG/pdf/hietanenparis.pdf.

Hirtle, Peter, Copyright Term and the Public Domain in the United States 1 January 2007, 2007, http://www.copyright.cornell.edu/training/Hirtle_Public_Domain.htm, 4.

Hoekstra, Rinke et al., “The LKIF Core Ontology of Basic Legal Concepts”, In Casanovas, Pompeu et al. (ed.), Proceedings of the Workshop on Legal Ontologies and Artificial Intelligence Techniques (LOAIT 2007), Stanford, CA, USA, 2007, http://sunsite.informatik.rwth-aachen.de/Publications/CEUR-WS/Vol-321/.

Hoffmann, Mathis, “Der Beweiswert elektronischer Dokumente”, DSWR, 2006, Nr. 3, 60 ff.

Hofman, Hans, “Developments in ISO standards for recordkeeping”, 2005, http://dlmforum.typepad.com/Paper_HansHofman_onstandards.pdf.

Hsu, Windsor W. and Ong, Shauchi, Fossilization: A Process for Establishing Truly Trustworthy Records, IBM Almaden Research Center, 2004, IBM Research, http://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/02da1cea05c6c61, 11 p.

Iacovino, Livia and Todd, Malcolm, “The long-term preservation of identifiable personal data: a comparative archival perspective on privacy regulatory models in the European Union, Australia, Canada and the United States”, Archival Science, vol. 7 2007, Nr. 1, 107–127, http://dx.doi.org/10.1007/s10502-007-9055-5.

Iannella, Renato, “Digital Rights Management (DRM) Architectures”, D-Lib Magazine, Vol. 7 2001, Nr. 6, http://www.dlib.org/dlib/june01/iannella/06iannella.html.

Iannella, Renato, Henricksen, Karen and Robinson, Ricky, “A Policy Oriented Architecture for the Web: New Infrastructure and New Opportunities”, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/05-ianella-policy-oriented-architecture, 4 p.

IFLA Study Group on the Functional Requirements for Bibliographic Records, Functional Requirements for Bibliographic Records, München, K.G. Saur, 1998, 136 p.

Jones, Thomas M. et al., “Going global. Mapping an international records retention strategy.”, The Information Management Journal, 2008, Nr. May/June, 30–36.

Kabilan, Vandana, Johannesson, Paul and Rugaimukamu, Dickson M., “Business Contract Obligation Monitoring through Use of Multi Tier Contract Ontology”, In X. (ed.), On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops, Volume 2889, Lecture Notes in Computer Science, Berlin, Springer, 2003, http://dx.doi.org/10.1007/b94345, 690–702.

Karyda, Maria and Mitrou, Lilian, “Internet forensics: legal and technical issues”, Proceedings of the second International Workshop on Digital Forensics and Incident Analysis, 2007.

Kearsley, Amanda J., “Electronic Document Management, Legal admissibility of evidence held in electronic form”, Computer Law & Security Report, Vol. 15 1999, Nr. 3, 185–187.

Kenneally, Erin E., “Digital logs - proof matters”, Digital Investigation, 2004, Nr. 1, 94–101, http://www.elsevier.com/locate/diin.

Kenny, S. and Borking, J., “The Value of Privacy Engineering”, The Journal of Information, Law and Technology, 2002, Nr. 1, http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2002_1/kenny/.

Kerrigan, Shawn and Law, Kincho H., “Logic-based regulation compliance-assistance”, New York, ACM Press, 2003, 126–135.

Klein, Susanne, “Die Beweiskraft elektronischer Verträge. Zur Entwicklung der zivilprozessrechtlichen Vorschriften über die Beweiskraft elektronischer Dokumente”, JurPC Web-Dok. 2007, Nr. 198, 1–71.

Kuehl Frostestad, Heidi, “Globalex: A Unique and Valuable Tool for Foreign, Comparative, and International Law Research”, International Journal of Legal Information, 34 2006, 473–482, http://www.heinonline.org/HOL/Page?handle=hein.journals/ijli34&id=1&size=2&collection=journals&index.

Lavoie, Brian F., “PREMIS With a Fresh Coat of Paint. Highlights from the Revision of the PREMIS Data Dictionary for Preservation Metadata”, D-Lib Magazine, Vol. 14 2008, Nr. 5/6, http://www.dlib.org/dlib/may08/lavoie/05lavoie.html.

Lehmann, Jos et al. (ed.), LOAIT - Legal Ontologies and Artificial Intelligence Techniques, Volume 4, IAAIL Workshop Series, Tilburg, Wolf Legal Publishers, 2005.

Leroux, Olivier, “Legal admissibility of electronic evidence”, International Review of Law, Computers & Technology, Vol. 18 2004, Nr. 2, 193–220.

Limone, D. A., “L’insegnamento dell’informatica giuridica in Italia”, In Frosini, V. and Limone, D. A. (ed.), L’insegnamente dell’informatica giuridica, Naples, 1990, 19–27.

Lyytikäinen, Virpi, Tiitinen, Pasi T. and Salminen, Airi, “XML Metadata for Accessing Heterogeneous Legal Databases”, In X. (ed.), Proceedings of the XML Europe 2001 Conference, 2001, http://www.gca.org/papers/xmleurope2001/papers/html/s27-4.html.

Madsen, Paul, Casassa Mont, Marco and Wilton, Robin, “A Privacy Policy Framework - A Position paper for the W3C Workshop of Privacy Policy Negotiation”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, Ispra, Italy, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, 7 p.

Magnusson Sjöberg, Cecilia, Stockholm, Jure, 1998.

Marcus, J. Scott, Carter, Kenneth and Robinson, Neil, e.a., Comparison of Privacy and Trust Policies in the Area of Electronic Communications, Bad Honnef, wik-Consult GmbH, 2007, http://ssrn.com/abstract=1086929, 214 p.

Mason, Stephen, “Authentic Digital Records: Laying the Foundation for Evidence”, The Information Management Journal, 2007, Nr. Sept/Oct, 32–40.

Mason, Stephen, “Archiving and storing e-mails - The legal and practical issues”, Computer Law & Security Report, vol. 24 2008, Nr. 2, 176–180, http://dx.doi.org/10.1016/j.clsr.2007.09.004.

May, Michael J., Gunter, Carl A. and Lee, Insup, “Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies”, In X. (ed.), Computer Security Foundations Workshop, Venice, Italy, 2006, http://seclab.uiuc.edu/pubs/MayGL06.pdf, 13 p.

Miller, George A., “WordNet: A lexical database for English”, Communications of the ACM, vol. 38 1995, Nr. 11, 39–41.

Mitrakas, Andreas and Zaitch, Damien, “Law, Cybercrime and digital forensics: Trailing Digital Suspects”, In Kanellis, Panagiotis, Kiountouzis, Evangelos, Kolokotronis, Nicholas and Martakos, Drakoulis (ed.), Digital Crime and Forensic Science in Cyberspace, London, Idea Group, 2006, 267–290.

Moens, Marie-Francine, “Innovative techniques for legal text retrieval”, Artificial Intelligence and Law, 9 2001, 29–57.

Montana, John, “The Sarbanes-Oxley Act: Five Years Later”, The Information Management Journal, 2007, Nr. Nov/Dec, 48–53.

Muller, Murk, “Legal RDF Dictionary”, In X. (ed.), Proceedings of XML Europe 2002, 2002, http://www.idealliance.org/papers/xmle02/dx_xmle02/papers/03-04-03/03-04-03.html.

Myler, Ellie, “Minimizing Risks through a corporate information compliance initiative”, The Information Management Journal, 2008, Nr. Jan/Feb, 58–63.

Nearon, Bruce H. et al., “Life after Sarbanes-Oxley: The merger of information security and accountability”, Jurimetrics, 45 2005, 379–412.

Palmirani, Monica and Brighi, Raffaella, “Time Model for Managing the Dynamic of Normative System”, In Wimmer, Maria A. et al. (ed.), Electronic Government.

Peglar, Rob, “Evidence management solutions for mitigating e-records risks”, The Information Management Journal, 2007, Nr. July/Aug, 56–60.

Perez Asinari, Maria Veronica, “Legal constraints for the protection of privacy and personal data in electronic evidence handling”, International Review of Law, Computers & Technology, Vol. 18 2004, Nr. 2, 231–250.

Peters, Wim, Sagri, Maria-Teresa and Tiscornia, Daniela, “The structuring of legal knowledge in LOIS”, Artificial Intelligence and Law, Vol. 15 2007, Nr. 2, 117–135.

Petersen, Knud Erik, “Lex Dania XML status april 2005”, I Quaderni, 2005, Nr. 18, 13–19, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf.

Pfitzmann, Birgit, Powers, Calvin and Waidner, Michael, IBM’s Unified Governance Framework (UGF) Initiative, Zurich, IBM Research Division, 2007, IBM Research Report RZ 3699, http://www.zurich.ibm.com/pdf/csc/rz3699_UGF-whitepaper.pdf, 22 p.

Riveret, Régis, Palmirani, Monica and Rotolo, Antonino, “Legal Consolidation formalised in Defeasible Logic and based on Agents”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art9.pdf, 117–135.

Roßnagel, Alexander and Pfitzmann, Andreas, “Der Beweiswert von E-Mail”, NJW, 2003, Nr. 17, 1209–1214.

Rowlingson, Robert, “A Ten Step Process for Forensic Readiness”, International Journal of Digital Evidence, vol. 2 2004, Nr. 3, http://www.utica.edu/academic/institutes/ecii/publications/articles/A0B13342-B4E0-1F6A-156F501C49CF5.

Rubino, Rossella, Rotolo, Antonino and Sartor, Giovanni, “An OWL Ontology of Norms and Normative Judgements”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art13.pdf, 173–187.

Rundle, Mary, “International Personal Data Protections and Digital Identity Management Tools”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/21-rundle-data-protection-and-idm-tools, 4 p.

Rust, Godfrey and Bide, Mark (ed.), The indecs metadata framework, Principles, model and data dictionary, Indecs, 2000, http://www.doi.org/topics/indecs/indecs_framework_2000.pdf, 49 p.

Rust, Godfrey, “Metadata: The Right Approach”, D-Lib Magazine, 1998, http://www.dlib.org/dlib/july98/rust/07rust.html.

Ryan, Henry et al., “Ontology-Based Platform for Trusted Regulatory Compliance Services”, In X. (ed.), On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops, Volume 2889, Lecture Notes in Computer Science, Berlin, Springer, 2003, http://dx.doi.org/10.1007/b94345, 675–689.

Sato, O., Broucek, V. and Turner, P., “Electronic evidence management for computer incident investigations: a prospect of CTOSE”, Security Manage, 2005, Nr. 18, 11–18.

Sommer, P., “Intrusion Detection Systems as Evidence”, In X. (ed.), Proceedings of Recent Advances in Intrusion Detection 1998, 1998, http://www.raid-symposium.org/raid98/Prog_RAID98/Full_Papers/Sommer_text.pdf, 14 p.

Spinosa, Pierluigi, “Expansion and Internationalization of the Italian Schema of Assignment of Uniform Names”, I Quaderni, 2005, Nr. 18, 118–133, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf.

Spinosa, Pierluigi, “Internationalization of the Legal URN Schema”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art6.pdf, 87–97.

Stephenson, P., “End-to-End Digital Forensics”, Computer Fraud and Security, 2002, Nr. 9, 17–19, http://dx.doi.org/10.1016/S1361-3723(02)00914-4.

Stephenson, P., “A Comprehensive Approach to Digital Incident Investigation”, Information Security Technical Report, Vol. 8 2003, Nr. 2, 42–54, http://dx.doi.org/10.1016/S1363-4127(03)00206-1.

Stephenson, P., “Using Evidence Effectively”, Computer Fraud and Security, 2003, Nr. 3, 17–19, http://dx.doi.org/10.1016/S1361-3723(03)03012-4.

Tillett, Barbara, What is FRBR? A conceptual model for the bibliographic universe, Washington D.C., U.S.A., Library of Congress, 2004, http://www.loc.gov/cds/downloads/FRBR.PDF.

Tiscornia, Daniela, “Metadata for Content Description”, I Quaderni, 2005, Nr. 18, 134–144, http://www.cnipa.gov.it/site/_files/Quaderno%2018.pdf.

Tiscornia, Daniela, “The Lois Project: Lexical Ontologies for Legal Information Sharing”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art14.pdf, 189–204.

Turtle, H., “Text retrieval in the legal world”, Artificial Intelligence and Law, 3 1995, 5–24.

Van Engers, T. et al., “POWER: Using UML/OCL for Modeling Legislation - an application report”, In X. (ed.), Proceedings of the 8th International Conference on Artificial Intelligence and Law (ICAIL 2001), New York, ACM, 2001, 157–167.

Vitali, Fabio and Zeni, Flavio, “Towards a country-independent data format: the Akoma Ntoso experience”, In Biagioli, Carlo, Francesconi, Enrico and Sartor, Giovanni (ed.), Proceedings of the V Legislative XML Workshop, European Press Academic Publishing, 2007, http://www.e-p-a-p.com/dlib/9788883980466/art5.pdf, 67–86.

Vossen, Piek, EuroWordNet: A Multilingual Database with Lexical Semantic Networks, Dordrecht, Kluwer Academic Publishers, 1998, 184 p.

Waldron, Martin, “Adopting electronic records management: European strategic initiatives”, The Information Management Journal, 2004, Nr. July/Aug, 30–35.

Weitzner, Daniel J. et al., “Transparency and End-to-End Accountability: Requirements for Web Privacy Policy Languages”, In X. (ed.), W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 17 and 18 October 2006, W3C, 2006, http://www.w3.org/2006/07/privacy-ws/papers/, 5 p.

Winkels, R.G.F. et al., “Generating Exception Structures for Legal Information Serving”, In Gordon, Th.F. (ed.), Proceedings of the Seventh International Conference on Artificial Intelligence and Law (ICAIL-99), New York, ACM, 1999, 182–195.

Wolfe, Henry B., “Evidence Analysis”, Computers & Security, Vol. 22 2003, Nr. 4, 289–291, http://dx.doi.org/10.1016/S0167-4048(03)00404-8.

X. (ed.), The admissibility of electronic evidence in court: fighting against high-tech crime, Barcelona, Cybex, 2006, http://www.cybex.es/agis2005/docs/libro_aeec_en.pdf, 64 p.

Zhu, Qingbo and Hsu, Windsor W., “Fossilized Index: The Linchpin of Trustworthy Non-Alterable Electronic Records”, In X. (ed.), Proceedings of the 2005 ACM SIGMOD International Conference on Management of Data, New York, ACM Press, 2005, http://portal.acm.org/citation.cfm?id=1066157.1066203, 395–406.